According to a Nuspire report, ransomware extortion publications rose by 46% compared to Q3, with Clop ransomware emerging as the most active group, surpassing RansomHub.

Clop, known for its double-extortion tactics, leveraged multiple zero-day vulnerabilities throughout Q4, significantly impacting the Professional & Technical Services industry, which remained the most targeted sector.

Additional findings include:

Ransomware trends

• 2,247 ransomware extortion publications were reported, a 46% increase from Q3 2024.
• Clop overtook RansomHub as the most active ransomware group, while Akira, Funksec, and Bashe entered the top five.
• Finance & Insurance emerged as the third-most targeted industry, rising from fifth place in Q3 2024.

Exploit activity

• Exploit attempts increased by 72% compared to Q3 2024, with 29,180,763 exploit events detected.
• Hikvision camera vulnerabilities (CVE-2021-36260) and Bash vulnerabilities (CVE-2014-6271) saw significant increases in exploitation attempts (56% and 77%, respectively).
• Firewall and VPN technologies remain top targets, as cybercriminals seek to bypass perimeter defenses.

Dark web trends

• Dark web marketplace listings decreased by 32% from Q3 2024, with 1,316,660 raw log listings and 590,762 credit card listings available for sale.
• Lumma Stealer, a persistent malware-as-a-service (MaaS) infostealer, continued to thrive, harvesting sensitive data for resale on illicit marketplaces.

Read the report.