RansomHub Emerges as Leading Ransomware Group After LockBit Takedown
December 23, 2024 – RansomHub has ascended as the leading ransomware-as-a-service (RaaS) group following the dismantling of LockBit earlier this year, according to ESET’s Threat Report H2 2024, highlighted by TechTarget. The report tracks evolving ransomware trends, including emerging threat groups and a notable rise in macOS-targeted attacks.
Operation Cronos, a joint law enforcement operation launched in February 2024, resulted in the arrest of LockBit leader Dmitry Yuryevich Khoroshev and the seizure of the group’s infrastructure. This crackdown created a power vacuum swiftly filled by RansomHub. The group has since claimed nearly 500 victims, including notable organizations such as Halliburton and Kawasaki Europe.
RansomHub’s success lies in its sophisticated techniques, such as living-off-the-land strategies and simultaneous targeting of Linux and Windows systems. Reports suggest the group has absorbed former affiliates of LockBit and BlackCat, further enhancing its operational capacity.
Adding to the complexity of the ransomware landscape, ESET’s report also highlighted the emergence of Embargo, a Rust-based ransomware group capable of adapting its tactics mid-attack. Globally, ransomware detections have dropped by 23% in the second half of 2024, but state-aligned groups from North Korea, China, and Iran are increasingly leveraging ransomware as a tool.
The report underscores a worrying trend for macOS users, with a 127% rise in password-stealing malware targeting cryptocurrency wallets.
Ransomhub Decryptor, a specialized tool designed to neutralize RansomHub ransomware, continues to aid affected organizations. The service recently assisted a UAE-based company in recovering 800 GB of encrypted data, showcasing its critical role in combating these advanced threats.
As ransomware tactics evolve, security professionals are urged to stay vigilant, particularly given the increasing diversity of targets and attack strategies in 2024