Skip to content
The first quarter of 2024 broke records with 192 publicly disclosed ransomware attacks, an increase of 48% over 2023. The number of undisclosed attacks also reached new heights, with a 22% increase over the previous year.
The unreported to reported ratio began to stabilize throughout the first three months of the year, with the figure for Q1 sitting at 520%. Unfortunately, this figure indicated that over 5X as many attacks go unreported. With the SEC’s incident disclose rules now in effect, we had expected this figure to be substantially lower, making it an interesting statistic to monitor closely over the coming months.
Industry
Unsurprisingly, when it came to disclosed attacks, healthcare, government and education continued to be the favorite target verticals for cybercriminals. With government and healthcare topping the ranks with 30 attacks each, an increase of 33% and 40% respectively on 2023 figures. Education saw a 3% increase from the same period of last year, recording 27 attacks.
For undisclosed attacks, manufacturing, services and technology took the brunt of the incidents, with 20%, 12% and 9% respectively.
Variants
LockBit continued to dominate as the main ransomware variant for both disclosed and undisclosed attacks. LockBit attacks account for 16% of reported and 21% of unreported attacks so far in 2024.
BlackCat claimed only 9% of reported attacks, which can be attributed to the group’s “takedown” earlier this year. Medusa also appeared strong with 4% of public attacks. It’s also worth noting that in Q1 34% of all publicly disclosed attacks were unclaimed. Black Basta and 8Base made waves in undisclosed attacks, both accounting for 7% of the 1000 attacks recorded.
In the first three months of 2024 we have seen twelve new ransomware variants emerge, including Ransomhub who since February were responsible for 30 attacks across a range of different verticals. This worrying trend spells trouble for the ransomware landscape – with more gangs emerging, the number of attacks will inevitably increase. Keep an eye on new ransomware gangs with our ongoing blog.
Geography
The geography of both disclosed and undisclosed remained consistent, with victims from the USA suffering over 50% of attacks in both categories. Canada and European countries such as Germany, France and Italy were also among the regions who were hit badly by ransomware in Q1.
Data Exfiltration
We recorded an increase in the number of disclosed attacks involving data exfiltration, rising to 92%. This figure has continued to rise, albeit minimally, over the past 2 years, highlighting the move from traditional encryption-based ransomware to the use of data exfiltration for extortion purposes.
According to our undisclosed insights, the average amount of data exfiltrated during an attack is 589GB. The volume of data stolen in attacks ranged from 1.2GB to around 7TB. Threat actors responsible for these undisclosed attacks all claimed to have exfiltrated some volume of data but with these attacks being unverified, it is not known if these claims are true until the data has been leaked.
Summary
With record-breaking numbers of attacks being recorded each month, in both reported and unreported categories, it is clear that ransomware is not on the decline and remains a top threat for organizations globally.
Data exfiltration continues to rise, with 92% of attacks involving the theft of data which has significant consequences for victims, with some still experiencing the fall out months after the initial attack.
Cybercriminals are evolving and breaking through traditional defenses with sophisticated attacks. To prevent attacks and avoid being the next victim of ransomware and extortion, organizations must look to newer technologies such as anti data exfiltration (ADX) which has been designed to stop attacks in real-time, 24/7 without the need for human intervention.
At BlackFog, we have been recording ransomware data since 2020. We believe these figures help us to gain a better understanding of the ransomware landscape, highlighting trends and providing insights into how cybercriminals are evolving to break down cybersecurity defenses.
Share This Story, Choose Your Platform!
Related Posts
Kerberoasting Attack Explained: Example And Prevention Guide
Kerberoasting attack explained with examples, detection tips, and prevention steps. Learn how to secure Active Directory from credential theft.
BlackFog Appoints Former Yahoo CFO Kenneth A. Goldman To Board Of Advisors
Kenneth A. Goldman joins BlackFog’s Board of Advisors, bringing decades of tech and finance leadership to accelerate enterprise growth and AI-based data protection.
Why Every Business Needs A Cybersecurity Roadmap
Find out what's involved in creating a cybersecurity roadmap and how having one can help navigate an extremely challenging threat landscape.
Cybersecurity Risk Assessment: Why It Matters And How To Do It Right
What do you need to complete a successful cybersecurity risk assessment and how can outsourced solutions like a virtual CISO aid in the process?
5 Effective Ways To Mitigate Risk In Cybersecurity
Follow these five proven strategies to help your firm mitigate risk in cybersecurity and ensure effective protection in today’s challenging digital environment.
How Do vCISO Costs Work – And What Do Firms Get In Return?
How much should businesses expect in vCISO costs? This guide breaks down the key factors that influence pricing and what drives those cost variations.