"LockBit, Black Basta, Play Dominate Ransomware in Q1 2024"

According to security researchers at ReliaQuest, LockBit, Black Basta, and Play have been the most active ransomware groups in Q1 2024, with Black Basta experiencing a notable 41% increase in activity. The researchers noted that LockBit faced a significant setback due to law enforcement actions in February and despite efforts to restore operations, LockBit’s activity decreased by 21% compared to the previous quarter. The group’s reputation among affiliates also suffered, with cybercriminal forum chatter reflecting apprehension about collaborating with a group compromised by law enforcement. The researchers believe that the emergence of the DarkVault group suggests a potential rebranding strategy by LockBit to evade scrutiny. The similarities in branding between DarkVault and LockBit, including font, color scheme, and ransom demand format, hint at a possible connection between the two groups. The researchers forecast a resurgence of the Clop ransomware group, targeting vulnerable enterprise file transfer software. Additionally, increased exploitation of cloud and SaaS platforms and advancements in AI and machine learning are expected to shape ransomware campaigns in the coming months. To mitigate ransomware risks, the researchers emphasized the importance of proactive security measures, including multi-factor authentication (MFA), least privilege access, and regular patch management.

Infosecurity Magazine reports: "LockBit, Black Basta, Play Dominate Ransomware in Q1 2024"