There’s no question ransomware remains a top threat for businesses and organizations around the world and across many sectors – but with recent shakeups including the government takedown of LockBit and apparent exit of ALPHV/BlackCat, are ransomware attacks actually declining in 2024?
It depends who you ask.
In a detailed roundup of Q1 2024 ransomware attacks, tech research company Comparitech noted a “significant decrease” in confirmed attacks; specifically, attacks more than halved from 336 in Q1 2023 to 142 last quarter.
However, the report also noted 939 unconfirmed ransomware attacks so far this year, pointing to a wide disparity between attacks claimed by ransomware groups and those publicly disclosed by victims.
Comparitech has been tracking unconfirmed attacks since April 2023. Its worldwide ransomware attack dashboard shows that unconfirmed attacks have consistently outnumbered confirmed attacks each month.
From April through December 2023, there was an average of about 300 unconfirmed ransomware attack claims each month, and an average of 336 each month in Q4 2023, compared with 313 average monthly attack claims last quarter. When these data are taken into account, any increase or decrease in ransomware attacks in 2024 narrows significantly.
Of course, the veracity of claims made by cybercriminals is always questionable. From scamming their own affiliates to posing as other threat actors, on top of the deception inherent phishing, the actions of these groups do little to garner trust in their claims.
There have also been cases of claimed victims outright denying any breach, as cybersecurity company Dragos did last November after appearing on ALPHV/BlackCat’s leak site.
At the same time, it is not unusual for victims of these attacks to avoid, or delay, publicly disclosing and attributing them. The noted in the FBI’s 2022 Internet Crime Report, “it has been challenging for the FBI to ascertain the true number of ransomware victims as many infections go unreported to law enforcement.”
BlackFog’s most recent monthly State of Ransomware report, which includes detections from BlackFog’s enterprise anti-data exfiltration solution, also noted an unreported to reported ratio of 603% for attacks in March 2024.
BlackFog’s data also indicated an overall increase in ransomware attacks in Q1 2024 compared with Q1 2023, and an all-time-high number of January attacks.
Whether ransomware attacks are truly decreasing, increasing or stagnating in 2024, all data indicated ransomware prevention should remain a top priority for businesses and organizations.
The operational disruptions, financial consequences and privacy breaches resulting from these attacks continued to resonate, as seen with the resounding impact of the Change Healthcare attack and the Fidelity National Financial breach.
The trends are also likely to become clearer as more companies comply with the U.S. Security and Exchange Commission’s four-day disclosure rule, which goes into effect for smaller reporting companies on June 15.
As seen from Sophos’ Active Adversary Report published Wednesday, which covers incident response data from 2023, even though ransomware levels “have reached homeostasis” over the past year, they still dominate the threat scene at 70% of attacks, with data encrypted for impact in nearly 70% of cases.
