April – June 2024
Following an increased pace of observed ransomware operations in Q1 2024, Q2 saw continued growth of reported victims relative to Q1 2024. This increase was paired with the rise of distinct active ransomware groups between Q1 and Q2, continuing the trend of diffusion of victims between a greater number of seemingly distinct groups.
The Technology industry saw increased impacts from ransomware relative to other industries, becoming the second most impacted industry in Q2 2024 with 107 claimed victims, representing its highest relative placement among industries since Q3 2023.
In this quarterly report, we explore the continued operations of the insular ransomware group, Play, in our TA spotlight. Later, we turn our attention to RansomHub, a Developing Ransomware-as-a-Service (RaaS) group first observed in February 2024, to explore assessments of the group’s provenance. Finally, we review LockBit’s discredited post claiming the United States Federal Reserve as a victim, later revealed to reflect the data of a financial organization.
Throughout the remainder of this quarterly report, we outline trends, observations, and key takeaways pertaining to observed ransomware operations and events from April – June 2024.
