INTELLIGENT BRANDS // Enterprise Security

Noteworthy findings from this year ’ s report include :

New Annual Report from GuidePoint ’ s Research and Intelligence Team ( GRIT ) reveals a 40 % YoY increase in active threat groups as cybercrime ecosystem evolves .

The report offers exclusive in-depth research , insights and analysis on the evolving ransomware ecosystem , exploring who cybercriminals are targeting ( and why ), the top tactics threat actors are using and what the future may hold for emerging ransomware groups in 2025 .

“ The GRIT 2025 Ransomware & Cyber Threat Report reveals the resilience and persistence of the ransomware-as-a-service ( RaaS ) model , highlighting the difficulty of disrupting it ,” said Jason Baker , Lead Threat Analyst , GuidePoint Security .

“ From major law enforcement disruptions to group shakeups and new behavior patterns , 2024 was at times a chaotic year for threat actors – yet ransomware activity and new groups continue to proliferate . Well-resourced defenders , active vulnerability management , attack surface awareness and actionable intelligence remain critical to mitigating information security risks in 2025 .”

• A record high of ransomware victims , with 1,600 + ransomware victims in Q4 2024 alone – the largest number recorded in a single quarter since the report ’ s inception .

• A 40 % YoY increase in active threat groups , illustrating a continually developing threat landscape . GRIT identified 88 + total active threat groups in 2024 , including 40 newly observed adversaries .

• An average of 93 ransomware victims were posted per week on the dark web . RansomHub claimed the largest number of victims in 2024 , displacing LockBit as the most active ransomware group for the first time since 2021 .

• The United States remains a top geographic target for ransomware attacks . In 2024 , more than half ( 52 %) of ransomware victims were based in the US .

• An average of 110 Common Vulnerabilities and Exposures ( CVEs ) published per day , underscoring the overwhelming volume and velocity of information which cybersecurity teams are facing . Almost 40,000 CVEs were reported in 2024 , a 43 % increase from 2023 .

• Nearly 44 % of vulnerabilities were rated “ High ” or “ Critical ” severity . However , threat actors continue to rely on historical vulnerabilities from preceding years .

• The Manufacturing industry was most heavily impacted by ransomware , followed by the Technology and Retail / Wholesale industries . Interestingly , despite several high-profile attacks in 2024 , the Healthcare sector dropped out of the top three most affected industries by the end of the year .

“ Throughout the year , we also witnessed multiple instances of significant international law enforcement operations that dealt heavy blows to various threat actors and their infrastructures ,” Baker said .

“ While the fight is far from over , the enduring effects of these law enforcement campaigns suggest that we ’ re developing more effective and sustainable strategies to combat our adversaries – and we anticipate continued progress in 2025 .”

The report also explores the impacts of ransomware on critical infrastructure , examines threat actor deception and misinformation efforts in 2024 and examines major ransomware events throughout the year , including the continued fallout from Operation Cronos . p

68 INTELLIGENTCIO APAC www . intelligentcio . com