With a title like “Ransomware Season Arrives Early,” you might be tempted to crawl back into bed and leave the digital world behind. But before you do, it’s worth reading how serious this season will be.
In the second quarter of 2024, global ransomware attacks continued escalating, with the Corvus Insurance report identifying 1,248 victims. That’s a 16% increase from the previous quarter and the second-highest number recorded by the company in a single quarter. This surge underscores the growing sophistication and persistence of cybercriminals, who have rapidly adapted their tactics in response to law enforcement actions against prominent ransomware groups earlier in the year.
The report from Corvus Insurance paints a troubling picture of the current ransomware landscape; not only has the number of attacks risen, but the financial impact on organizations has also surged. The average ransomware demand in Q2 2024 reached an unprecedented $1,571,667—an alarming 102% increase from the previous quarter. Similarly, the average ransom payment climbed to $626,415, the highest figure since 2022.
You can get the full report here. What follows is our summary.
New Ransomware Groups Fill the Void
The quarter saw the emergence of several new ransomware groups, including PLAY, Medusa, RansomHub, INC Ransom, and BlackSuit, which have quickly filled the void left by international law enforcement’s takedown of the notorious LockBit and BlackCat groups. Despite these takedowns, LockBit’s resurgence in May highlighted the resilience of these cybercriminal networks, even as they face increased scrutiny and intervention.
The report details how these new and re-emerging threat actors have driven the spike in ransomware activity. These groups have increased the volume of attacks and refined their methods, particularly in their use of double-extortion schemes. In these attacks, data is encrypted and exfiltrated, with cybercriminals threatening to release sensitive information on the dark web if their demands are not met. This tactic has become increasingly prevalent, with data theft involved in 93% of ransomware incidents in 2024, up from 88% in 2023.
The Critical Role of Backup Strategies
The report highlights the critical role of backup strategies in mitigating the financial impact of ransomware attacks. Organizations that employ robust backup systems, particularly using a “3-2-1” strategy—storing multiple copies of data in segregated locations—lower their median claim costs by 72% compared to those without such measures. However, the report cautions that backups alone are not enough to fully protect against the evolving tactics of ransomware operators.
“Data theft has become the technique employed by attackers to secure maximum payouts from their victims, whether or not they have secure backups,” said Jason Rebholz, Chief Information Security Officer at Corvus Insurance. “A robust security plan is never one layer deep. While a sound backup strategy is important, it cannot mitigate these threats alone. Businesses must utilize a multi-layered security strategy based on a resilient environment with fast detection and prevention capabilities.”
Industry Insights: Construction Sector Hit Hard
The report also provides insights into the industries most affected by ransomware in Q2 2024. The construction industry, in particular, emerged as the most frequently targeted sector, moving up from its previous second-place position. The IT Services and Software Development sectors also experienced significant increases in ransomware incidents, with attacks rising by 257% and 54%, respectively. The report identifies RansomHub, PLAY, and BlackSuit as the primary groups responsible for these attacks, accounting for 35% of incidents within the IT sector.
These trends highlight the systemic risks posed by attacks on critical industries, particularly IT services, which serve as the backbone for numerous other sectors. Even smaller IT firms can trigger widespread disruptions if their systems are compromised, making them a prime target for cybercriminals.
A Call for Heightened Vigilance
As ransomware attacks continue to rise, the report serves as a stark reminder of the need for organizations to bolster their cybersecurity defenses. The growing prevalence of double-extortion tactics and the increasing financial demands of ransomware operators underscore the importance of a proactive and multi-layered security approach.
Corvus Insurance’s Q2 2024 Cyber Threat Report concludes with a call to action for businesses across all sectors to transform the lessons learned from this tumultuous period into actionable intelligence. As the year progresses, organizations must remain vigilant and prepared for the inevitable challenges ahead, ensuring they are not caught off guard by the next wave of cyber threats.