Kaspersky experts have reported a significant rise in targeted ransomware activity, with the number of active ransomware groups increasing by 35% between 2023 and 2024 – reaching 81 groups globally. Despite this surge, the number of infected victims dropped by 8% during the same period, reaching an estimated 4,300 victims worldwide. The UAE, South Africa, Saudi Arabia, and Turkiye emerged as the most frequently targeted countries in the region.
According to Kaspersky research of data leak sites of targeted ransomware groups, the number of ransomware groups continued to rise for the second consecutive year, despite two major disruptions targeting LockBit and BlackCat in 2024 – indicating that such attacks remain highly lucrative for cybercriminals.
Targeted ransomware groups use techniques such as exploiting vulnerable internet-exposed services, social engineering, and leveraging traded initial access on the dark web to infiltrate victims. There is also growing evidence also suggests increased collaboration among these groups, including the exchange of malware and hacking tools to achieve their objectives.
Maher Yamout, Lead Security Researcher for the Middle East, Turkiye and Africa at Kaspersky, suggest some plans to protect institutions. He said: “By identifying and securing your corporate network’s entry points and understanding the tactics used by ransomware groups, companies can better protect their digital assets against targeted ransomware attacks. Failing to address both aspects, significantly increases a company’s vulnerability.”
To help organizations strengthen their defenses, Kaspersky recommends the following:
• Employee education and cybersecurity training is necessary as human error is a common cause for cybersecurity breach and can serve as an initial point of access for ransomware attacks.
• The Kaspersky Threat Intelligence is an essential tool which provides in-depth threat intelligence and real-time insights on the history, motivations and operations of targeted ransomware groups. In addition, Kaspersky’s Digital Footprint Intelligence monitors external threats for companies’ assets in Surface, Deep and Dark web, strengthening defense against credential leaks.
• Keep all devices and systems updated to prevent attackers from exploiting known vulnerabilities.
• Set up offline backups that intruders cannot misuse, and make sure you can access it quickly in an emergency.
• Kaspersky’s multi-layered, next generation protection detects ransomware at both the delivery stage and execution stage of the attack. Kaspersky Next , which combines exploit prevention, behavior-based detection, and a powerful remediation engine capable of rolling back malicious actions. It also features built-in self-defense mechanisms to prevent tampering or removal by attackers.
