Tech Talk
Top Ransomware Groups of 2024: LockBit Leads, But RansomHub Is Closing In
As 2024 nears its end, the ransomware landscape remains as volatile and competitive as ever, with cybercriminal groups battling for dominance in terms of activity and impact. LockBit currently holds the top position with 549 recorded incidents, but RansomHub is closing in fast with 512 attacks, leaving experts speculating whether it could overtake LockBit before the year ends.
The competition for the top spot is not the only notable trend this year. The Play ransomware group secures third place with 334 incidents, maintaining a steady position on the leaderboard. Meanwhile, Akira emerges as one of the most dynamic actors of 2024, climbing two positions to claim fourth place with 220 incidents. This sharp rise highlights its growing influence in the ransomware ecosystem.
ALSO READ : Call for Papers on AI/ML in Predictive Policing and Digital Forensics for FutureCrime Summit 2025
Hunters also shows an upward trajectory, moving into fifth place with 207 attacks, while Medusa Blog drops to sixth with 195 incidents. Black Basta rounds off the top seven with 176 attacks, demonstrating consistent activity despite not experiencing any significant shifts in rank.
The intense activity among these groups underscores the growing sophistication and scale of ransomware operations. From targeting critical infrastructure to leveraging advanced encryption techniques and extortion methods, these groups are evolving rapidly to evade detection and maximize their financial gains.
With less than a month left in 2024, the question remains: can RansomHub overtake LockBit, or will the latter retain its crown as the most active ransomware group of the year? One thing is clear—ransomware threats will continue to dominate the cybersecurity landscape, keeping organizations on high alert.