The first quarter of 2024 broke records with 192 publicly disclosed ransomware attacks, an increase of 48% over 2023. The number of undisclosed attacks also reached new heights, with a 22% increase over the previous year.
The unreported to reported ratio began to stabilize throughout the first three months of the year, with the figure for Q1 sitting at 520%. Unfortunately, this figure indicated that over 5X as many attacks go unreported. With the SEC’s incident disclose rules now in effect, we had expected this figure to be substantially lower, making it an interesting statistic to monitor closely over the coming months.
Industry
Unsurprisingly, when it came to disclosed attacks, healthcare, government and education continued to be the favorite target verticals for cybercriminals. With government and healthcare topping the ranks with 30 attacks each, an increase of 33% and 40% respectively on 2023 figures. Education saw a 3% increase from the same period of last year, recording 27 attacks.
For undisclosed attacks, manufacturing, services and technology took the brunt of the incidents, with 20%, 12% and 9% respectively.
Variants
LockBit continued to dominate as the main ransomware variant for both disclosed and undisclosed attacks. LockBit attacks account for 16% of reported and 21% of unreported attacks so far in 2024.
BlackCat claimed only 9% of reported attacks, which can be attributed to the group’s “takedown” earlier this year. Medusa also appeared strong with 4% of public attacks. It’s also worth noting that in Q1 34% of all publicly disclosed attacks were unclaimed. Black Basta and 8Base made waves in undisclosed attacks, both accounting for 7% of the 1000 attacks recorded.
In the first three months of 2024 we have seen twelve new ransomware variants emerge, including Ransomhub who since February were responsible for 30 attacks across a range of different verticals. This worrying trend spells trouble for the ransomware landscape – with more gangs emerging, the number of attacks will inevitably increase. Keep an eye on new ransomware gangs with our ongoing blog.
Geography
The geography of both disclosed and undisclosed remained consistent, with victims from the USA suffering over 50% of attacks in both categories. Canada and European countries such as Germany, France and Italy were also among the regions who were hit badly by ransomware in Q1.
Data Exfiltration
We recorded an increase in the number of disclosed attacks involving data exfiltration, rising to 92%. This figure has continued to rise, albeit minimally, over the past 2 years, highlighting the move from traditional encryption-based ransomware to the use of data exfiltration for extortion purposes.
According to our undisclosed insights, the average amount of data exfiltrated during an attack is 589GB. The volume of data stolen in attacks ranged from 1.2GB to around 7TB. Threat actors responsible for these undisclosed attacks all claimed to have exfiltrated some volume of data but with these attacks being unverified, it is not known if these claims are true until the data has been leaked.
Summary
With record-breaking numbers of attacks being recorded each month, in both reported and unreported categories, it is clear that ransomware is not on the decline and remains a top threat for organizations globally.
Data exfiltration continues to rise, with 92% of attacks involving the theft of data which has significant consequences for victims, with some still experiencing the fall out months after the initial attack.
Cybercriminals are evolving and breaking through traditional defenses with sophisticated attacks. To prevent attacks and avoid being the next victim of ransomware and extortion, organizations must look to newer technologies such as anti data exfiltration (ADX) which has been designed to stop attacks in real-time, 24/7 without the need for human intervention.
At BlackFog, we have been recording ransomware data since 2020. We believe these figures help us to gain a better understanding of the ransomware landscape, highlighting trends and providing insights into how cybercriminals are evolving to break down cybersecurity defenses.
Related Posts
The Johnson Controls Ransomware Attack – Impact and Key Insights Review
In September 2023, Johnson Controls International suffered a ransomware attack linked to the Dark Angels group, resulting in the theft of 27TB of sensitive data. The breach caused $27 million in losses and disrupted operations, highlighting the critical need for robust cybersecurity defenses.
The 2024 Vulnerability Crisis – Managing Cybersecurity Threats
Learn how organizations can meet the onslaught of cybersecurity vulnerabilities, along with five of the most common vulnerabilities and successful management strategies. Find out why there’s a new vulnerability every 17 minutes.
What is Data Loss Prevention? | A Complete Guide to DLP Security
Data is the most valuable asset today's businesses possess - and volumes are growing all the time. In this article we look at what data loss prevention means heading into 2025 and what should firms be doing to improve their capabilities?
BlackFog: Personal Liability Concerns Impact 70% of Cybersecurity Leaders
70% of cybersecurity leaders face personal liability concerns. Discover how it impacts governance, accountability, and cybersecurity practices.
Ongoing: New Ransomware Gangs in 2024
Ransomware gangs continue to break records and BlackFog will track all new ransomware gangs in 2024.
BlackCat Ransomware: What It Is and How to Defend Against It
Learn how to protect your business from BlackCat ransomware with essential insights, ransomware prevention tips, and actionable defense strategies to mitigate risk.