Security News > 2024 > May > Ransomware activity is back on track despite law enforcement efforts

Despite significant disruptions for high-profile ransomware gangs LockBit and BlackCat, Q1 2024 became the most active first quarter ever recorded - a 21% increase over Q1 2023, according to Corvus Insurance.

In January, Corvus reported that global ransomware attacks in 2023 set a record high, surpassing 2022 by close to 70%. The Q1 Ransomware Report shows that 2024 is picking up right where 2023 left off.

According to the data, 1,075 leak site ransomware victims were posted on leak sites during the first quarter of 2024, despite the disruption of two major ransomware groups, LockBit and ALPHV/BlackCat, which accounted for 22% and 8% of the activity, respectively.

"The ransomware activity we've seen in Q1 of 2024 continues the substantial growth pattern that we saw develop over the course of 2023. While we fully expect that law enforcement's long-term impact will be significant, it's not enough to curb this criminal activity today," said Jason Rebholz, CISO, Corvus Insurance.

In a typical scenario, the group would take a standard 20-25% and share the remainder with the affiliates, which purchase predeveloped ransomware tools from groups like ALPHV/BlackCat to execute attacks and receive a share of the payout.

Despite these developments, ransomware attacks continued to grow in the first quarter of 2024, likely due to other ransomware affiliate groups shifting operations to new and alternative organizations.

News URL

https://www.helpnetsecurity.com/2024/05/07/ransomware-activity-q1-2024/