The first quarter of 2024 has set a new record for most global ransomware attacks in a first quarter: 1,075 leak site ransomware victims were posted on leak sites during this period. In addition, 18 new leak sites emerged over the period, the largest number of leak sites to emerge in a single quarter on record. These additions brought the total number of active leak sites for the first quarter to 60.
While most industries experienced only a marginal reduction in incidents compared to the previous quarter, attacks on Medical Practices (specialists or family clinics), were up 38 percent over the last quarter of 2023.
The company Corvus Insurance today released its Q1 2024 ransomware numbers. The new report, Ransomware Groups Don’t Die, They Multiply, shows that troubling trends from the last year continue—Q1 2024 attacks surpassed Q1 2023 by 21 percent.
In January, Corvus reported that global ransomware attacks in 2023 set a record high, surpassing 2022 by close to 70 percent. The trend for 2024 suggests the year is picking up right where 2023 left off.
According to the data, 1,075 leak site ransomware victims were posted on leak sites during the first quarter of 2024, despite the disruption of two major ransomware groups, LockBit and ALPHV/BlackCat, which accounted for 22 percent and 8 percent of the activity, respectively.
In the first quarter of 2024, an international law enforcement operation targeted LockBit’s infrastructure, resulting in its operations declining from their status in 2023 and 2022. Lockbit’s operators have begun to rebuild but are currently operating at a decreased rate.
ALPHV/BlackCat’s high-profile attack on a large healthcare technology company in early March severely impacted thousands of medical practices and pharmacies across the U.S.
Following the attack, ALPHV/BlackCat conducted an exit scheme, pretending to shut down, and then taking all the funds. In a typical scenario, the group would take a standard 20-25 percent and share the remainder with the affiliates, which purchase predeveloped ransomware tools from groups like ALPHV/BlackCat to execute attacks and receive a share of the payout.
Despite these developments, ransomware attacks continued to grow in the first quarter of 2024, likely due to other ransomware affiliate groups shifting operations to new and alternative organizations.
The industries most impacted by global ransomware attacks remained relatively consistent over previous quarters, with Information Technology and Services, Construction, Healthcare, and Legal continuing to rank among the top five.
The one prominent exception is Medical Practices, including specialists or family clinics, where attacks were up 38 percent over Q4 2023. ALPHV/BlackCat and LockBit accounted for 12 and 16 percent of these attacks, respectively.