Dive Brief:

• Ransomware groups initiated more than 2,570 attacks on organizations in the first half of 2024, Rapid7 said in a Tuesday report. This breaks down to 14 publicly claimed ransomware attacks per day, according to Rapid7.
• More groups are conducting ransomware attacks and ramping up pressure on alleged victims, as the number of ransomware groups posting to data leak sites increased 67% during the six-month period ending in June. Rapid7 tracked an average of 40 ransomware groups posting to data leak sites per month, a jump from the 24 groups seen in the same period last year. 
• The number of posts on data leak sites grew too, reaching a total of 2,611 posts by 68 ransomware groups in the first half of the year, a 23% increase over last year, according to Rapid7.

Dive Insight:

As the number of attacks continues to rise, the industry and law enforcement’s collective efforts to curb ransomware attacks are falling flat.

“While law enforcement efforts are making an impact (we see a drop in LockBit activity in June related to this), the carrot still appears to be much larger than the stick,” Rapid7 researchers wrote in the report.

An international law enforcement takedown of the LockBit ransomware group’s infrastructure in February coincided with a slowdown in activity attributed to the notorious group, but other ransomware criminals filled that void and then some.

The number of these posts was up every month during the first six months of the year compared to 2023, and each post represents a ransomware criminal’s attempt to extort an organization.

Rapid7’s findings accentuate an upward trend and puts 2024 on pace to surpass the total number of ransomware attacks and data leak site posts observed by researchers last year — and the year prior.

Threat groups claimed responsibility for ransomware attacks in 4,520 posts on data leak sites last year, a 75% increase from 2022, according to a Mandiant report in June.