Some useful insights here from Corvus, as ransomware becomes a tool for various criminals, state-backed actors, terror-group funding and more. It’s a digital world out there, but how can we keep the data flowing?
Corvus Insurance today released its Q4 2023 Ransomware Report. Featuring data collected from ransomware leak sites, the report shows that while Q4 attacks were down slightly from Q3 2023, ransomware activity for the year surpassed 2022 totals by 68 percent.
Corvus Insurance closely monitored ransomware activity during 2023 and recognized early that attacks were occurring at a record-setting pace. Last year, ransomware attacks increased each of the first three quarters and then declined slightly in Q4. Significant international law enforcement activity in Q4 successfully disrupted the ransomware ecosystem, including taking down ALPHV/BlackCat, one of the most prolific ransomware gangs, and eliminating Qakbot, a pervasive family of malware used to gain access to victims’ networks.
As a result of law enforcement’s actions, Q4 attacks dropped by 7 percent from Q3, with 1,278 victims observed on ransomware leak sites. Despite this sequential quarterly drop, Q4 2023 activity was still up year over year. In addition, 2023 established a new record for ransomware attacks with 4,496 total leak site victims, compared to 2,670 in 2022 and 3,048 in 2021.
“While ransomware activity spiked to an all-time high in 2023, the real story here is the incredible impact law enforcement had on these groups as we closed out the year,” said Jason Rebholz, CISO, Corvus Insurance. “Unfortunately, there’s no time to celebrate. Threat actors are resilient and have quickly pivoted to new malware, which means everyone must remain vigilant in their commitment to mitigating these threats.”
Key Industry Trends
Law Practices
In Q3, the ALPHV/BlackCat ransomware group accounted for nearly a quarter of all victims in the legal industry (23.5 percent). This number declined by 8.8 percent in Q4, likely the result of law enforcement disruption that occurred in December.
Transportation, Logistics, and Storage
The transportation, logistics, and storage industry experienced consistent increases throughout 2023. LockBit 3.0 accounted for 22 percent of victims, while ALPHV/BlackCat made up 15.87 percent. Given the nature of the work, businesses in this industry are sensitive to business interruption and may present attractive targets to threat actors looking to put pressure on victims to pay for decryption.
Read the full Corvus Q4 Ransomware Report here. To learn more, join the deep-dive webinar, “Cyber Threats in 2024: What Claims Data Tells Us About the Dark Web,” featuring Corvus experts.
