Bitdefender Threat Debrief | June 2024

Martin Zugec

June 20, 2024

Bitdefender Threat Debrief | June 2024

Staying ahead of ransomware attackers is a constant battle for security specialists. By monitoring trends in victim data, attack methods, and targeted industries, we can gain valuable insights into the evolving tactics of these cybercriminals. We analyzed data from ransomware group websites from May 1 to May 31, identifying a total of 556 claimed victims.

Now, let’s explore the most notable ransomware news and findings since our last edition:

  • LockBit reclaimed the top spot with a staggering 177 claimed victims. However, it's important to remember that verifying the exact number of victims from ransomware group claims can be difficult. LockBit has faced significant pressure from law enforcement, and this high number of claimed victims may be an attempt to regain their reputation within the RaaS ecosystem. Additionally, there's a possibility that some reported victims may be duplicates of previously published data, or even inactive organizations. While another recent Ukrainian takedown represents progress, LockBit is known for its resilience. The fight against LockBit and other ransomware groups is far from over.
    • Important Note for LockBit Victims: The FBI has announced they possess over 7,000 decryption keys for LockBit ransomware. If your organization was impacted by a LockBit attack, you can potentially recover your data for free. Visit the FBI's LockBit Victim Reporting Form for more information.
  • The manufacturing sector remained the primary target in May 2024, experiencing a concerning 85 attacks. This relentless targeting highlights the unique vulnerability of manufacturing operations to ransomware disruptions. Unlike other sectors where data breaches might be the primary concern, ransomware attacks in manufacturing directly impact business outcomes by hindering availability. Production lines rely on uninterrupted access to critical systems, and even a brief shutdown caused by ransomware encryption can lead to significant financial losses.
  • The recent ransomware attack on London hospitals affiliated with Synnovis demonstrates a concerning trend – ransomware groups becoming more opportunistic in their targeting. Traditionally, sectors like healthcare were considered "off-limits" due to potential ethical and public backlash. However, the landscape is shifting. Several factors contribute to this change. Ransomware groups are increasingly prioritizing the ease of exploiting vulnerabilities over the specific target. This opportunistic approach makes previously "safe" sectors like healthcare more susceptible. Additionally, the rise of RaaS groups with relaxed affiliate recruitment and less stringent targeting guidelines contribute to this trend.
    • Important Note for NHS Hospitals: In response to the ransomware attacks impacting NHS hospitals in London, Bitdefender is providing its Managed Detection and Response (MDR) services along with the GravityZone Enterprise product free of charge for six months to NHS hospitals in London.
  • Several new ransomware groups emerged in May, including Arcus Media, SpiderX (successor of Diablo), ShrinkLocker, and FakePenny.

Top 10 Ransomware Families

Bitdefender's Threat Debrief analyzes data from ransomware leak sites, where attacker groups publicize their claimed number of compromised companies. This approach provides valuable insights into the overall activity of the RaaS market. However, there's a trade-off: while it reflects attackers' self-proclaimed success, the information comes directly from criminals and might be unreliable. Additionally, this method only captures the number of claimed victims, not the actual financial impact of these attacks.

Top 10 Countries

Ransomware gangs prioritize targets where they can potentially squeeze the most money out of their victims. This often means focusing on developed countries. Now, let’s see the top 10 countries that took the biggest hit from these attacks.

About Bitdefender Threat Debrief

The Bitdefender Threat Debrief (BDTD) is a monthly series analyzing threat news, trends, and research from the previous month. Don’t miss the next BDTD release, subscribe to the Business Insights blog, and follow us on Twitter. You can find all previous debriefs here.

Bitdefender provides cybersecurity solutions and advanced threat protection to hundreds of millions of endpoints worldwide. More than 180 technology brands have licensed and added Bitdefender technology to their product or service offerings. This vast OEM ecosystem complements telemetry data already collected from our business and consumer solutions. To give you some idea of the scale, Bitdefender Labs discover 400+ new threats each minute and validate 30 billion threat queries daily. This gives us one of the industry’s most extensive real-time views of the evolving threat landscape.


We would like to thank bitdefenders Vlad Craciun, Mihai Leonte, Andrei Mogage, and Rares Radu (sorted alphabetically) for their help with putting this report together. 



Martin Zugec

Martin is technical solutions director at Bitdefender. He is a passionate blogger and speaker, focusing on enterprise IT for over two decades. He loves travel, lived in Europe, Middle East and now residing in Florida.

View all posts

You might also like