RansomHub has become the most prolific ransomware group, overtaking LockBit, claiming the number one spot in successful attacks per Symantec's Q3 2024 threat intelligence report. Symantec mentioned RansomHub's growth being attributed to recruiting experienced affiliates for their ransomware-as-a-service operation, offering better terms than competitors. LockBit, previously leading, experienced a significant drop in successful attacks in Q3 following an international law enforcement operation earlier in the year, possibly eroding trust among affiliates
Qilin also saw an increase in victim count, highlighting the rise of ransomware activities according to Symantec's findings. The report noted a discrepancy between claimed attacks and those investigated by Symantec, revealing insights into popular ransomware tools and techniques used by threat actors, such as living off the land, bring your own vulnerable driver, remote desktop/admin abuse, and data exfiltration methods. ```https://www.infosecurity-magazine.com/news/ransomhub-overtakes-lockbit/