TechTarget reports that RansomHub has become the leading ransomware-as-a-service group following the dismantling of LockBit earlier this year, based on ESET’s Threat Report H2 2024, which highlighted ransomware trends including shifts in tactics and emerging groups alongside a rise in macOS-targeted attacks.
Operation Cronos, a collaborative law enforcement effort launched in February, resulted in the arrest of LockBit leader Dmitry Yuryevich Khoroshev and the seizure of the group’s infrastructure. This disruption created a gap that was quickly filled by RansomHub, which has targeted nearly 500 victims, including Halliburton and Kawasaki Europe. Employing tactics such as living-off-the-land techniques and targeting both Linux and Windows systems, the group is suspected to include former affiliates of LockBit and BlackCat. ESET also highlighted the Embargo ransomware group, which is notable for its use of Rust-based tools and ability to adapt tactics mid-attack. While ransomware detections decreased globally by 23% in the second half of 2024, state-aligned groups from North Korea, China, and Iran are increasingly adopting ransomware strategies. Additionally, macOS systems have seen a significant rise in threats, with a 127% increase in password-stealing malware targeting cryptocurrency wallets.
