Debunking the Viral Claim of Free Travel Service for Women at Night
Mr. Neeraj Soni
Sr. Researcher - Policy & Advocacy, CyberPeace
PUBLISHED ON
Sep 5, 2024
Introduction
In the age of social media, news can spread like wildfire. A recent viral claim stated that police have started a nationwide scheme of free travel service for women at night. It stated that any woman who is alone and cannot find a vehicle to go home between 10 PM and 06 AM can contact the provided numbers and request a free vehicle. The viral message also asked readers to share and forward this information to everyone so that women would know about the free vehicle service offered by police at night. However, upon fact-checking, the claim was found to be misleading.
Social Impact of Misleading Information
Such misleading information goes viral quickly because of its ability to influence people through emotional resonance. Especially at a time when women's safety is a topic of sensationalised media discussion due to recently highlighted incidents of rape or sexual violence, such fake viral claims often spark widespread public concern, and people unknowingly share or forward these messages on the strength of their emotional and sensational appeal. The emotional nature of these viral texts often overrides scepticism, leading to immediate sharing without verification.
Viral messages of this nature often move people to protest, raise awareness and create support networks, but because of that emotional resonance people also get targeted by misinformation and become the unintended superspreaders of fake news, fuelled by emotional and social media-driven reactions. Women’s safety in society is a sensitive topic, and when people discover such viral claims to be misleading and fake, it often hurts the sentiments of society, leading to significant social impacts, including distrust in social media, unnecessary panic and confusion.
CyberPeace Policy Vertical Advisory for Social Media Users
Think before Sharing: All netizens must practice caution while sharing anything and double-check its authenticity before sharing/forwarding or reposting it on your social media stories.
Don't be unintended superspreaders of Misinformation: Misinformation with emotional resonance and widespread sharing by netizens can lead to them becoming "superspreaders of misinformation" and making it viral quickly. Hence you must avoid such unintended consequences by following the best practices of being vigilant and informed by reliable sources.
Exercise vigilance and scepticism: It is important that netizens exercise vigilance and build the cognitive abilities to recognise the red flags of misleading information. You can do so by following the official communication channels, looking for any discrepancy in the content of suspicious information and double-checking its authenticity before sharing it with anyone.
Verify the information from official sources: Follow the official communication channels of the concerned authorities for any kind of information, circulars, notifications etc. If you find any piece of information to be suspicious or misleading, report it to the relevant authority and the fact-checking organizations.
Stay in touch with expert organizations: Cybersecurity experts and civil society organisations possess the unique blend of large-scale impact potential and technical expertise. Netizens can stay updated about recent developments in the tech-policy sphere and learn about internet best practices, and measures to counter misinformation through methods such as prebunking, debunking and more.
Connect with CyberPeace
As an expert organisation, we have the ability to educate and empower huge numbers, along with the skills and policy acumen needed to be able to not just make people aware of the problem but also teach them how to solve it for themselves. At CyberPeace we regularly produce fact-check reports, blogs & advisories, and insights on prebunking & debunking measures and capacity-building programs with the aim of empowering netizens at the heart of our initiatives. CyberPeace has established the largest network of CyberPeace Corps volunteers globally. These volunteers play a crucial role in assisting victims, raising awareness, and promoting proactive measures.
This report is based on extensive research conducted by CyberPeace Research using publicly available information, and advanced analytical techniques. The findings, interpretations, and conclusions presented are based on the data available at the time of study and aim to provide insights into global ransomware trends.
The statistics mentioned in this report are specific to the scope of this research and may vary based on the scope and resources of other third-party studies. Additionally, all data referenced is based on claims made by threat actors and does not imply confirmation of the breach by CyberPeace. CyberPeace includes this detail solely to provide factual transparency and does not condone any unlawful activities. This information is shared only for research purposes and to spread awareness. CyberPeace encourages individuals and organizations to adopt proactive cybersecurity measures to protect against potential threats.
CyberPeace Research does not claim to have identified or attributed specific cyber incidents to any individual, organization, or nation-state beyond the scope of publicly observable activities and available information. All analyses and references are intended for informational and awareness purposes only, without any intention to defame, accuse, or harm any entity.
While every effort has been made to ensure accuracy, CyberPeace Research is not liable for any errors, omissions, subsequent interpretations and any unlawful activities of the findings by third parties. The report is intended to inform and support cybersecurity efforts globally and should be used as a guide to foster proactive measures against cyber threats.
Executive Summary:
The 2024 ransomware landscape reveals alarming global trends, with 166 Threat Actor Groups leveraging 658 servers/underground resources and mirrors to execute 5,233 claims across 153 countries. Monthly fluctuations in activity indicate strategic, cyclical targeting, with peak periods aligned with vulnerabilities in specific sectors and regions. The United States was the most targeted nation, followed by Canada, the UK, Germany, and other developed countries, with the northwestern hemisphere experiencing the highest concentration of attacks. Business Services and Healthcare bore the brunt of these operations due to their high-value data, alongside targeted industries such as Pharmaceuticals, Mechanical, Metal, Electronics, and Government-related professional firms. Retail, Financial, Technology, and Energy sectors were also significantly impacted.
This research was conducted by CyberPeace Research using a systematic modus operandi, which included advanced OSINT (Open-Source Intelligence) techniques, continuous monitoring of Ransomware Group activities, and data collection from 658 servers and mirrors globally. The team utilized data scraping, pattern analysis, and incident mapping to track trends and identify hotspots of ransomware activity. By integrating real-time data and geographic claims, the research provided a comprehensive view of sectoral and regional impacts, forming the basis for actionable insights.
The findings emphasize the urgent need for proactive Cybersecurity strategies, robust defenses, and global collaboration to counteract the evolving and persistent threats posed by ransomware.
Overview:
This report provides insights into ransomware activities monitored throughout 2024. Data was collected by observing 166 Threat Actor Groups using ransomware technologies across 658 servers/underground resources and mirrors, resulting in 5,233 claims worldwide. The analysis offers a detailed examination of global trends, targeted sectors, and geographical impact.
Top 10 Threat Actor Groups:
The ransomware group ‘ransomhub’ has emerged as the leading threat actor, responsible for 527 incidents worldwide. Following closely are ‘lockbit3’ with 522 incidents and ‘play’ with 351. Other Groups are ‘akira’, ‘hunters’, ‘medusa’, ‘blackbasta’, ‘qilin’, ‘bianlian’, ‘incransom’. These groups usually employ advanced tactics to target critical sectors, highlighting the urgent need for robust cybersecurity measures to mitigate their impact and protect organizations from such threats.
Monthly Ransomware Incidents:
In January 2024, the value began at 284, marking the lowest point on the chart. The trend rose steadily in the subsequent months, reaching its first peak at 557 in May 2024. However, after this peak, the value dropped sharply to 339 in June. A gradual recovery follows, with the value increasing to 446 by August. September sees another decline to 389, but a sharp rise occurs afterward, culminating in the year’s highest point of 645 in November. The year concludes with a slight decline, ending at 498 in December 2024 (till 28th of December).
Top 10 Targeted Countries:
The United States consistently topped the list as the primary target probably due to its advanced economic and technological infrastructure.
Other heavily targeted nations include Canada, UK, Germany, Italy, France, Brazil, Spain, and India.
A total of 153 countries reported ransomware attacks, reflecting the global scale of these cyber threats.
Top Affected Sectors:
Business Services and Healthcare faced the brunt of ransomware threat due to the sensitive nature of their operations.
Specific industries under threats:
Pharmaceutical, Mechanical, Metal, and Electronics industries.
Professional firms within the Government sector.
Other sectors:
Retail, Financial, Technology, and Energy sectors were also significant targets.
Geographical Impact:
The continuous and precise OSINT (Open Source Intelligence) work on the platform, performed as a follow-up action to data scraping, allows a complete view of the geography of cyber attacks based on their claims. The northwestern region of the world appears to be the most severely affected by Threat Actor groups. The figure below clearly illustrates the effects of this geographic representation on the map.
Ransomware Threat Trends in India:
In 2024, the research identified 98 ransomware incidents impacting various sectors in India, marking a 55% increase compared to the 63 incidents reported in 2023. This surge highlights a concerning trend, as ransomware groups continue to target India's critical sectors due to its growing digital infrastructure and economic prominence.
Top Threat Actor Groups Targeting India:
Among the following threat actors ‘killsec’ is the most frequent threat. ‘lockbit3’ follows as the second most prominent threat, with significant but lower activity than killsec. Other groups, such as ‘ransomhub’, ‘darkvault’, and ‘clop’, show moderate activity levels. Entities like ‘bianlian’, ‘apt73/bashe’, and ‘raworld’ have low frequencies, indicating limited activity. Groups such as ‘aps’ and ‘akira’ have the lowest representation, indicating minimal activity. The chart highlights a clear disparity in activity levels among these threats, emphasizing the need for targeted cybersecurity strategies.
Top Impacted Sectors in India:
The pie chart illustrates the distribution of incidents across various sectors, highlighting that the industrial sector is the most frequently targeted, accounting for 75% of the total incidents. This is followed by the healthcare sector, which represents 12% of the incidents, making it the second most affected. The finance sector accounts for 10% of the incidents, reflecting a moderate level of targeting. In contrast, the government sector experiences the least impact, with only 3% of the incidents, indicating minimal targeting compared to the other sectors. This distribution underscores the critical need for enhanced cybersecurity measures, particularly in the industrial sector, while also addressing vulnerabilities in healthcare, finance, and government domains.
Month Wise Incident Trends in India:
The chart indicates a fluctuating trend with notable peaks in May and October, suggesting potential periods of heightened activity or incidents during these months. The data starts at 5 in January and drops to its lowest point, 2, in February. It then gradually increases to 6 in March and April, followed by a sharp rise to 14 in May. After peaking in May, the metric significantly declines to 4 in June but starts to rise again, reaching 7 in July and 8 in August. September sees a slight dip to 5 before the metric spikes dramatically to its highest value, 24, in October. Following this peak, the count decreases to 10 in November and then drops further to 7 in December.
CyberPeace Advisory:
Implement Data Backup and Recovery Plans: Backups are your safety net. Regularly saving copies of your important data ensures you can bounce back quickly if ransomware strikes. Make sure these backups are stored securely—either offline or in a trusted cloud service—to avoid losing valuable information or facing extended downtime.
Enhance Employee Awareness and Training: People often unintentionally open the door to ransomware. By training your team to spot phishing emails, social engineering tricks, and other scams, you empower them to be your first line of defense against attacks.
Adopt Multi-Factor Authentication (MFA): Think of MFA as locking your door and adding a deadbolt. Even if attackers get hold of your password, they’ll still need that second layer of verification to break in. It’s an easy and powerful way to block unauthorized access.
Utilize Advanced Threat Detection Tools: Smart tools can make a world of difference. AI-powered systems and behavior-based monitoring can catch ransomware activity early, giving you a chance to stop it in its tracks before it causes real damage.
Conduct Regular Vulnerability Assessments: You can’t fix what you don’t know is broken. Regularly checking for vulnerabilities in your systems helps you identify weak spots. By addressing these issues proactively, you can stay one step ahead of attackers.
Conclusion:
The 2024 ransomware landscape reveals the critical need for proactive cybersecurity strategies. High-value sectors and technologically advanced regions remain the primary targets, emphasizing the importance of robust defenses. As we move into 2025, it is crucial to anticipate the evolution of ransomware tactics and adopt forward-looking measures to address emerging threats.
Global collaboration, continuous innovation in cybersecurity technologies, and adaptive strategies will be imperative to counteract the persistent and evolving threats posed by ransomware activities. Organizations and governments must prioritize preparedness and resilience, ensuring that lessons learned in 2024 are applied to strengthen defenses and minimize vulnerabilities in the year ahead.
National AVGC-XR stands for National Animation, Visual Effects, Gaming, Comics, and Extended Reality. On 21 Aug 2024, Shri Sanjay Jaju, Secretary, Ministry of Information and Broadcasting, speaking at the 5th Global AVGC and Immersive Media Summit 2024, announced that the National AVGC-XR Policy will be implemented soon. The National AVGC-XR policy aims to facilitate investment, foster innovation, ensure skill development, protect intellectual property and help build world-class infrastructure. Additionally, Atul Kumar Tiwari, Secretary of Ministry of Skills and Entrepreneurship, said that the Centre's decision to revamp 1,000 ITIs is pivotal in aligning workforce skills with AVGC industry needs. He called for enhanced intellectual property rights to retain talent and content in India.
Key Highlights of National AVGC-XR Policy
The policy will be implemented in conjunction with the National AVGC-XR Mission to improve India's AVGC sectors through infrastructure development, skill enhancement, innovation, and regulatory support.
The policy aims to improve India's international competitiveness in the AVGC industry, specifically by supporting the creation of unique intellectual properties (IPs) that can gain worldwide acclaim.
The policy acknowledges the significance of adapting and converting content for various international viewers, which has become easier considering technological advancements.
The government is dedicated to providing strong policies and financial backing to the AVGC industry, ensuring that India continues to be a worldwide leader in the sector.
Tech-driven trends in the AVGC-XR Sector promoting exponential growth
In the Animation and VFX industry specifically, technological advancements and emerging trends such as AR, VR, and real-time 3D technology are driving the expansion of the metaverse, resulting in a rising need for fresh jobs and broadening uses beyond gaming into education, e-commerce, and entertainment. Moreover, the transition to cloud-oriented production processes and the increase in unique or original content on OTT platforms are improving cooperation and propelling industry growth. To drive expansion, global OTT leaders are commissioning more original content. This has increased the need for VFX, post-production, and animation services.
Technological advancements in India's gaming industry, like cloud gaming, the increased popularity of mobile gaming, the introduction of 5G and 6G, and the recognition of e-gaming at national and international forums, are breaking down obstacles and fueling swift growth, positioning India as a key player in the growing e-gaming sector worldwide. Furthermore, the integration of gamification and XR in education and training is generating immersive experiences that improve learning and skill building, contributing to the expansion of the AVGC-XR industry.
The comics industry is being transformed by technological advancements like digital technology and self-publishing, which are increasing access and distribution through online platforms and social media. The rising popularity of graphic novels and the greater use of digital comics, particularly among young audiences with smartphones, are fueling substantial growth in the AVGC-XR industry.
The use of AR, VR, and MR (Mixed Reality) technologies is rapidly growing due to tech-driven trends in Extended Reality (XR), transforming industries such as healthcare, education, and retail. The rising number of startups in this sector, boosted by higher venture capital funding, is speeding up the uptake of XR services, establishing it as a primary catalyst of innovation and expansion in various industries.
Final Words:
Just like the IT revolution, the Indian AVGC-XR industry, along with technological trends and advancements, has great potential. With growth in various sectors within the AVGC industry, the right policy framework in place and government support, it will be at the forefront of India’s global standing in AVGC sectoral growth, including various Intellectual Property (IP) creations and outsourcing services. The proposed AVGC-XR policy, with its forward-thinking approach, will drive the industry's growth. Thus, a comprehensive, integrated and collaborative approach is essential. Furthermore, with rising trends in the technological space, including the use of AR, VR, cloud spaces, 6G and the expansion of the OTT sector, safe and secure use in terms of cybersecurity is encouraged, to ultimately protect the interests of users and establish a safe and secure cyber world driven by exponential growth in various sectors including AVGC. We’re at the cusp of a new era, where we’re looking at technological advancements not as a tool but as a way of life; hence safe and secure usage remains a top priority.
As a famous quote goes, “Half knowledge is always dangerous”, but “Too much knowledge of anything can lead to destruction”. Recently, infamous spyware and malware named WyrmSpy and Dragon Egg were developed by a Chinese group of hackers, APT41. APT41 is a state-endorsed clandestine group based in the People’s Republic of China that has been active since 2012. In contrast to many government-supported groups, APT41 has a track record of compromising both government organisations for clandestine activities and private organisations or enterprises for financial gain. The APT41 group targets Android devices through the spyware WyrmSpy and Dragon Egg, which masquerade as legitimate applications. According to the U.S. jury indictment from 2019 to 2020, the group was involved in targeting more than 100 public and private individuals and organisations in the United States and around the world. Moreover, a detailed analysis report was shared by the Lookout Threat Researchers, who have been actively monitoring and tracking both the spyware and the malware.
Briefing about how spyware attacks on Android devices take place
To begin with, this malware imitates a genuine Android application in order to show some sort of notification. Once it is successfully installed on the user’s device, it requests multiple device permissions to enable data exfiltration.
WyrmSpy collects log files, photos, device locations, SMS (read and write), and audio recordings. It has also been confirmed that no malware activity was detected on Google Play, even after multiple levels of security checks. These malicious apps are built to obtain root privileges on the device and to carry out monitoring activities according to the commands received from the C2 servers.
Similarly, Dragon Egg can collect data files, contacts, locations, and audio recordings, and it also accesses camera photos once it successfully compromises the device. Dragon Egg receives a payload, also known as “smallmload.jar”, which is either from APK (Android Package Kit).
WyrmSpy initially masquerades as a default operating system application, and Dragon Egg simulates a third-party keyboard/messaging application.
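A defensive illustration of the point above, added here and not taken from the Lookout report or from CyberPeace: a small audit that reads a decoded AndroidManifest.xml and flags an app whose requested permissions span several of the data categories this article lists (SMS, location, audio, camera, contacts, files/photos, logs). The category-to-permission mapping, the review threshold of four categories and both sample manifests are assumptions constructed for the example.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Data categories named in the article, mapped to the Android permissions that
# gate them. The mapping is this example's assumption, not a published rule set.
CATEGORY_PERMISSIONS = {
    "sms": {"android.permission.READ_SMS", "android.permission.SEND_SMS",
            "android.permission.RECEIVE_SMS"},
    "location": {"android.permission.ACCESS_FINE_LOCATION",
                 "android.permission.ACCESS_COARSE_LOCATION",
                 "android.permission.ACCESS_BACKGROUND_LOCATION"},
    "audio": {"android.permission.RECORD_AUDIO"},
    "camera": {"android.permission.CAMERA"},
    "contacts": {"android.permission.READ_CONTACTS"},
    "files_photos": {"android.permission.READ_EXTERNAL_STORAGE",
                     "android.permission.READ_MEDIA_IMAGES",
                     "android.permission.MANAGE_EXTERNAL_STORAGE"},
    "logs": {"android.permission.READ_LOGS"},
}

def requested_permissions(root):
    """Return the set of permission names declared in a parsed manifest."""
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for element in root.iter(tag):
            name = element.get(ANDROID_NS + "name")
            if name:
                perms.add(name)
    return perms

def audit(manifest_xml, threshold=4):
    """Flag a manifest for manual review when its permissions cover at least
    `threshold` of the sensitive data categories (threshold is an assumption)."""
    root = ET.fromstring(manifest_xml)
    perms = requested_permissions(root)
    hits = {category: sorted(perms & wanted)
            for category, wanted in CATEGORY_PERMISSIONS.items()
            if perms & wanted}
    return {
        "package": root.get("package"),
        "categories": sorted(hits),
        "permissions": hits,
        "review": len(hits) >= threshold,
    }

# Constructed sample: a "keyboard" app asking for far more than a keyboard needs.
KEYBOARD_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.keyboard">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
</manifest>
"""

# Constructed sample: a torch app that only needs the camera flash.
TORCH_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.torch">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
</manifest>
"""

if __name__ == "__main__":
    for manifest in (KEYBOARD_MANIFEST, TORCH_MANIFEST):
        result = audit(manifest)
        print(result["package"], result["categories"], "review:", result["review"])
```

A flag here only means the permission set is broader than the app's stated purpose suggests; legitimate apps can trip it, so it is a prompt for review rather than a verdict.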
Overview of APT41 Chinese group background
APT41 is a China-based group carrying out stealth activity that is said to have been active since mid-2006. It is rumoured that APT41 was also a part of the 2nd Bureau of the People’s Liberation Army (PLA) General Staff Department’s (GSD) 3rd Department. Owing to that fact, 2006 has seen the security of 140+ organisations compromised, ranging from 20 strategically crucial companies. APT is also recognised for systematically plundering hundreds of terabytes of data from at least 141 organisations between 2006 and 2013. It typically begins with spear-phishing emails to the targeted victims. These emails use official templates and language that pretends to come from a legitimate source, and carry a malicious attachment. When the victim opens the attached file, the backdoor hands control of the targeted machine to the APT group's machine. Once unauthorised access has been gained, the attacker visits and revisits the victim’s machine. The group remains dormant for lengthy durations, more likely for months or even for years.
Advisory points to adhere to while using Android devices
The security patch update is necessary at least once a week.
Clear out unwanted junk files.
Cache files of every frequently used application need to be cleared out.
Install only required applications from the Google Play Store.
Download only necessary APK files, and only if they come from trusted sources.
Before giving device permissions, it is advisable to run your files or URLs through VirusTotal.com; the website will give a good indication of any malicious intent.
Install good antivirus software.
Individuals need to check the source of an email before opening an attachment to it.
Never pick up or connect any randomly found device to your system.
Moreover, the user needs to keep track of their device activity. Rather than using devices just for entertainment purposes, it is more important to look for data protection on that device.
Conclusion
The Network Crack Program Hacker Group (NCPH), which grew into the APT41 group with malicious intent, earlier performed the role of grey hat hackers; the group somehow grew greedy and turned to hacking networks, devices, etc. to further money laundering. This group conducts supply chain attacks to gain unauthorised access to networks throughout the world, targeting hundreds of companies across an extensive selection of industries such as social media, telecommunications, government, defence, education, and manufacturing. Last but not least, many more fraudulent groups with malicious intent will form and operate in the future. It is on individuals and organisations to secure themselves by practising basic security measures to safeguard themselves against such threats and attacks.