Ransomware remains the world’s top cyberthreat, according to Check Point Research’s latest security report, with RansomHub quickly emerging as the fastest-growing group operating through Ransomware-as-a-Service (RaaS).

As of September 2024, RansomHub accounted for 19% of all ransomware victims published in shame sites, marking a shift in the cybercriminal landscape. Meanwhile, Lockbit – once dominant – has seen a significant decline and being responsible for only 5% of new victims, many of which were recycled from previous attacks.

“These findings reflect a transition in the ransomware ecosystem as new actors adopt advanced tactics including data extortion and remote encryption which challenge traditional security defences across various industries,” says Shayimamba Conco, security evangelist at Check Point Software Technologies.

The report also highlights critical vulnerabilities in key sectors, with industrial manufacturing and education being the most heavily targeted by ransomware groups – particularly in the US.

Key insights from the report include:

  • RansomHub’s Rise: Since its inception in February 2024, RansomHub has grown rapidly targeting US-based companies including notable victims in the healthcare sector – despite its stated policy of avoiding non-profits and hospitals.
  • Lockbit’s Decline: Once the dominant player, Lockbit now accounts for only 5% of victims. Many of these were recycled from previous attacks, suggesting that the group’s affiliates scale has diminished significantly.
  • Meow Ransomware’s Evolution: Moving away from traditional encryption tactics, Meow now focuses on data theft and extortion reflecting the broader trend toward non-encryption-based ransomware strategies.
  • Sectoral Impact: Industrial manufacturing remains the most targeted sector followed closely by education. And healthcare organisations continue to be targeted despite some groups’ public statements against attacking such institutions.

“RansomHub’s rapid growth and advanced tactics like remote encryption are reshaping the ransomware landscape,” says Sergey Shykevich, group manager, Products – R&D, at Check Point Software Technologies. “It’s crucial that organisations adopt AI-powered and proactive threat prevention to stay ahead of these emerging threats.”