Despite law enforcement actions, fourth quarter 2023 ransomware incidents still surpassed 2022 by nearly 70%, and the number of active ransomware groups grew by 34%.
Corvus Insurance recently released its Q4 2023 Ransomware Report, featuring data collected from ransomware leak sites. The report shows ransomware activity for the year surpassed 2022 totals by 68%, with a record-setting 4,496 total leak site victims, compared to 2,670 in 2022 and 3,048 in 2021.
Ransomware attacks increased in each of the first three quarters of 2023 and then declined slightly in Q4. International law enforcement activity in Q4 disrupted the ransomware ecosystem, including taking down ALPHV/BlackCat, one of the most prolific ransomware gangs, and eliminating Qakbot, a pervasive family of malware used to gain access to victims’ networks.
As a result, Q4 attacks dropped by 7% from Q3. Despite this sequential quarterly drop, Q4 2023 activity was still up year over year, and Qakbot still accounted for 31% of the total ransomware volume for the quarter. In Qakbot’s absence, there was a noticeable shift to other malware strains such as “Pikabot” and “DarkGate.”
In Q3, the ALPHV/BlackCat ransomware group accounted for nearly a quarter of all victims in the legal industry (23.5%). This number declined by 8.8% in Q4, likely due to law enforcement disruption in December.
The transportation, logistics and storage industry experienced consistent increases throughout 2023. LockBit 3.0 accounted for 22% of victims, while ALPHV/BlackCat comprised 15.87%. The industry is sensitive to business interruption and presents attractive targets to threat actors looking for high-pressure victims.
Active ransomware groups increased by 34% between Q1 and Q4 2023 as well-known ransomware groups fractured and leaked proprietary encryptors on the dark web. Members of larger defunct groups began forming splinter groups, and leaks spawned new ransomware operations.
“Throughout 2024, we will undoubtedly witness much of the same activity, as criminals continue to attack, shift, re-brand, and strike again,” said Jason Rebholz, CISO, Corvus Insurance. “Businesses should remain prepared with enhanced security controls and cyber insurance policies to help minimize risk.”
Corvus Insurance, now a wholly owned subsidiary of The Travelers Companies, Inc., is headquartered in Boston, Massachusetts. Corvus provides specialty insurance products enabled by data science, including Smart Cyber Insurance and Smart Tech E+O, among other products and digital tools.