The first quarter of 2024 broke records with 192 publicly disclosed ransomware attacks, an increase of 48% over 2023. The number of undisclosed attacks also reached new heights, with a 22% increase over the previous year.
The unreported to reported ratio began to stabilize throughout the first three months of the year, with the figure for Q1 sitting at 520%. Unfortunately, this figure indicated that over 5X as many attacks go unreported. With the SEC’s incident disclose rules now in effect, we had expected this figure to be substantially lower, making it an interesting statistic to monitor closely over the coming months.
Industry
Unsurprisingly, when it came to disclosed attacks, healthcare, government and education continued to be the favorite target verticals for cybercriminals. With government and healthcare topping the ranks with 30 attacks each, an increase of 33% and 40% respectively on 2023 figures. Education saw a 3% increase from the same period of last year, recording 27 attacks.
For undisclosed attacks, manufacturing, services and technology took the brunt of the incidents, with 20%, 12% and 9% respectively.
Variants
LockBit continued to dominate as the main ransomware variant for both disclosed and undisclosed attacks. LockBit attacks account for 16% of reported and 21% of unreported attacks so far in 2024.
BlackCat claimed only 9% of reported attacks, which can be attributed to the group’s “takedown” earlier this year. Medusa also appeared strong with 4% of public attacks. It’s also worth noting that in Q1 34% of all publicly disclosed attacks were unclaimed. Black Basta and 8Base made waves in undisclosed attacks, both accounting for 7% of the 1000 attacks recorded.
In the first three months of 2024 we have seen twelve new ransomware variants emerge, including Ransomhub who since February were responsible for 30 attacks across a range of different verticals. This worrying trend spells trouble for the ransomware landscape – with more gangs emerging, the number of attacks will inevitably increase. Keep an eye on new ransomware gangs with our ongoing blog.
Geography
The geography of both disclosed and undisclosed remained consistent, with victims from the USA suffering over 50% of attacks in both categories. Canada and European countries such as Germany, France and Italy were also among the regions who were hit badly by ransomware in Q1.
Data Exfiltration
We recorded an increase in the number of disclosed attacks involving data exfiltration, rising to 92%. This figure has continued to rise, albeit minimally, over the past 2 years, highlighting the move from traditional encryption-based ransomware to the use of data exfiltration for extortion purposes.
According to our undisclosed insights, the average amount of data exfiltrated during an attack is 589GB. The volume of data stolen in attacks ranged from 1.2GB to around 7TB. Threat actors responsible for these undisclosed attacks all claimed to have exfiltrated some volume of data but with these attacks being unverified, it is not known if these claims are true until the data has been leaked.
Summary
With record-breaking numbers of attacks being recorded each month, in both reported and unreported categories, it is clear that ransomware is not on the decline and remains a top threat for organizations globally.
Data exfiltration continues to rise, with 92% of attacks involving the theft of data which has significant consequences for victims, with some still experiencing the fall out months after the initial attack.
Cybercriminals are evolving and breaking through traditional defenses with sophisticated attacks. To prevent attacks and avoid being the next victim of ransomware and extortion, organizations must look to newer technologies such as anti data exfiltration (ADX) which has been designed to stop attacks in real-time, 24/7 without the need for human intervention.
At BlackFog, we have been recording ransomware data since 2020. We believe these figures help us to gain a better understanding of the ransomware landscape, highlighting trends and providing insights into how cybercriminals are evolving to break down cybersecurity defenses.
Related Posts
BlackFog Wins 2024 CyberSecurity Breakthrough Award
BlackFog Wins Coveted ‘AI-based Cybersecurity Innovation of the Year' in the 2024 CyberSecurity Breakthrough Awards Program
Big Game Hunting is on the Rise in Cybercrime
Big game hunting in cybercrime refers to attacks where cybercriminals target large organizations with the goal of demanding hefty ransoms. This article explores the tactics used in these attacks, provides real-world examples, and explains why this form of cybercrime is becoming increasingly common.
RansomHub: The Rise of a New Ransomware Threat
Explore RansomHub, a ransomware group emerging in Feb 2024. Discover their tactics, notable attacks, sophisticated techniques, and links to other cybercriminals.
The State of Ransomware 2024
BlackFog's state of ransomware report measures publicly disclosed and non-disclosed attacks globally.
TAG Blog Series 3 – How ADX is Integrated by BlackFog
Integrating Anti Data Exfiltration (ADX) solutions is essential for enterprise cybersecurity. This article examines how BlackFog's ADX enhances existing technologies by focusing on prevention and the shift-left paradigm. It illustrates ADX's effectiveness against ransomware and its support for modern managed security service providers, demonstrating how ADX integration creates a comprehensive security solution.
Data Exfiltration Extortion Now Averages $5.21 Million According to IBM’s Report
According to IBM's 2024 Data Breach Report, the financial toll of data exfiltration extortion has surged, with the average cost now reaching $5.21 million per incident. This alarming trend highlights the growing sophistication of cybercriminals and the increasing financial risks organizations face when sensitive data is compromised. As data breaches continue to escalate, businesses must prioritize robust cybersecurity measures to mitigate these costly threats.