Black Kite is a finalist in the 2026 SC Awards for continued innovation and leadership in third-party cyber risk intelligence.Learn more

Ransomware Report August 2024

An In-Depth Analysis of the Latest Ransomware Trends and Threat Landscape

Dive into the constantly shifting world of ransomware, as we uncover the latest tactics, dissect the most prolific actors, and offer insights to keep your organization one step ahead.

Welcome to the August 2024 ransomware update, highlighting the latest trends, threat actors, and significant developments shaping the ransomware landscape. The Black Kite Research & Intelligence Team (BRITE) tracked 466 ransomware incidents this month, making it one of the most active months of the year.

RansomHub remained the most dominant ransomware group with 74 victims, while LockBit 3.0 surged back to second place with 47 incidents, raising questions about its resilience. Meow, a relatively newer player, made a strong impression with 38 attacks, followed by Play, Hunters, and BianLian, all maintaining steady activity.

The United States was once again the primary target with 219 incidents, followed by the United Kingdom, Canada, France, Italy, and Australia. Across industries, average impact scores saw slight increases, with many sectors shifting into higher risk brackets.

With ransomware groups maintaining high levels of activity, vigilance and proactive security measures remain critical in mitigating these evolving threats.

At least one IP address that was part of a botnet, malware propagation, or spam propagation
7
At least one record found in stealer logs
95
At least one possible phishing domain
209
Open RDP or SMB ports publicly visible
211
At least one credential leaked in the last 90 days
225
Use of out-of-date services/products with possible vulnerabilities of high exploitability
249
MX and DNS misconfiguration that may allow spoofing and phishing attacks
349

01Threat Actor Distribution

  • RansomHub accounted for 74 victims, representing 15.4% of total activity.
  • LockBit 3.0 followed with 47 disclosures.
  • Meow and Play remained consistently active.

02Geographic Distribution

  • USA represented 47% of all tracked victims.
  • Others was among the next most impacted countries.
  • UK and Canada also saw notable activity.

03Industry Distribution

  • Public Administration remained the most targeted sector.
  • Other followed as a heavily impacted sector.
  • Accommodation Services and Entertainment continued to be operationally critical targets.

04Threat Actor × Country Matrix

The matrix below shows how leading ransomware groups distributed their activity geographically.

Others
Kill Security
Cicada3301
HellDown
Black Suit
Qilin
Rhysida
Lynx
BianLian
Hunters
Play
Meow
LockBit 3.0
RansomHub
USA
40
4
12
4
13
11
16
10
15
9
21
17
21
26
UK
12
1
1
1
3
1
1
4
7
Canada
15
3
1
2
1
2
France
4
1
1
1
6
3
Italy
3
2
1
1
1
3
2
1
1
Australia
1
1
2
1
1
2
6
Germany
5
2
1
1
1
India
1
3
1
1
2
Switzerland
4
2
1
1
Spain
1
2
2
1
1
Brazil
3
1
1
1
South Africa
3
1
1
1
Poland
1
2
1
1
Israel
2
2
Mexico
3
1
Others
24
4
1
3
2
2
1
3
5
4
11
8
21
  • USA activity was heavily concentrated in Others.
  • Some actors demonstrated narrow targeting patterns.

05Threat Actor × Industry Matrix

This view highlights sector specialization across leading ransomware groups.

Others
Kill Security
Cicada3301
HellDown
Black Suit
Qilin
Rhysida
Lynx
BianLian
Hunters
Play
Meow
LockBit 3.0
RansomHub
Professional, Scientific, and Technical Services
27
2
5
2
1
3
2
4
6
5
6
7
9
19
Manufacturing
23
1
2
3
3
1
2
6
4
6
9
10
12
12
Health Care and Social Assistance
10
1
1
4
6
5
4
1
1
1
2
Wholesale Trade
7
1
2
1
1
5
1
2
3
4
6
Construction
7
2
2
1
2
1
3
3
1
Retail Trade
6
1
1
1
1
1
2
1
2
5
Administrative and Support and Waste Management and Remediation Services
6
1
1
1
1
1
1
Educational Services
5
1
1
1
1
2
6
Information
5
5
2
2
1
1
1
3
3
Transportation and Warehousing
5
1
1
2
1
1
1
3
Finance and Insurance
5
1
1
2
2
3
2
3
3
1
Other Services (except Public Administration)
5
1
3
1
1
1
1
2
6
3
Public Administration
2
1
1
1
2
2
7
Accommodation and Food Services
2
1
2
1
1
Management of Companies and Enterprises
2
2
2
Mining
2
1
1
Real Estate Rental and Leasing
1
1
1
1
2
2
2
Arts, Entertainment, and Recreation
1
1
1
1
1
Utilities
1
1
1
Agriculture, Forestry, Fishing and Hunting
1
  • Professional, Scientific, and Technical Services activity was heavily concentrated in Others.
  • Some actors demonstrated narrow targeting patterns.

06Six Month Trend Context

07Key Takeaways

  • 479 ransomware disclosures were observed in August 2024.
  • RansomHub led activity with 74 victims.
  • USA accounted for 47% of disclosures.
  • Public Administration remained the most targeted industry.

08Data Methodology and Sources

  • Victim counts are based on publicly disclosed ransomware leak site postings tracked during the reporting period.
  • Each victim is attributed to a single threat actor based on disclosure source.
  • Industry classification is assigned using standardized sector mapping.
  • Country attribution is based on headquarters location where identifiable.

Accelerate Risk Decisions, Cut the Noise.

Join leading teams using Black Kite to slash assessment timelines, eliminate manual reviews, and onboard vendors with confidence.