Nineteen percent of all ransomware attack victims in September were compromised by the RansomHub operation, making it the most active ransomware gang despite only emerging in February, Cybernews reports.
Play, Qilin, Medusa, and LockBit — which was the dominant ransomware operation in 2022 and 2023 before being subjected to law enforcement crackdowns this year — completed the top five, according to an analysis from Check Point.
Operating as a ransomware-as-a-service was noted by researchers to have been beneficial to RansomHub, whose remote encryption attacks mostly targeted the U.S. and Canada, particularly organizations in the industrial manufacturing and healthcare sectors.
Additional findings revealed that the threat landscape's shift to RaaS has reduced the barrier of entry for less sophisticated threat actors, who are expected to mostly target industrial manufacturing, healthcare, and education entities. "Global affiliate networks have democratized cybercrime, driving an alarming increase in attack volume. The future of ransomware shows no signs of slowing down," said the report.