Figure 1: Global Ransomware Attacks by Month
As Figure 1 above shows, the ransomware scene in the first four months of 2024 is following roughly the same pattern as it did in 2023, the notable difference being that the scale of activity from threat groups is, in general, higher this year. To demonstrate this point, looking at April specifically, observed attack numbers have grown from 229 when we first started tracking attacks in 2021, to 289 in 2022, then by quite a massive increase of 22% up to 352 attacks in 2023, and now to 356 in April 2024. Though March 2023 experienced more attacks than March 2024 (459 compared to 421), April 2023 experienced fewer than April 2024 (352 compared to 356). We expected higher numbers in April 2024, though these expectations have been dashed by the surprise “fall from grace” of what was, up until now, the most prominent ransomware threat group, LockBit 3.0. Their activity is examined in more detail in the Threat Actors section below. This is a trend we have noticed and expect to see continue, unless a more lucrative opportunity presents itself to OCGs: each year, ransomware activity will be, on the whole, greater than in the year before. As we continue into Q2 we can see a familiar pattern emerge: most established ransomware threat groups commence the year with a relatively low level of activity. Part of the reason for this is that ransomware actors are human like the rest of us; they experience burnout, they have families, and crucially, they enjoy downtime during festive periods.
Additionally, many cyber threat actors are located in either Russia or CIS nations, where Orthodox Christmas is celebrated in January and not in December as it is in the West. After the frankly understandable low levels of activity in January, most threat groups will increase their levels of activity throughout the year, with most months being higher than the preceding one. This is the rough pattern we expect to see for the rest of the year ahead, though obviously there can be fluctuations around this theme. By comparing ransomware activity month on month and year on year as in Figure 1 above, we are able to gain a holistic understanding of how the ransomware threat landscape continues to evolve. For those organisations that feel they could benefit from in-depth insights into ransomware, a threat that has only continued to rise significantly in prevalence and sophistication over the past few years, we point you towards our Enhanced Threat Intelligence Subscription Service. This package gives clients access to our Premium Threat Pulses, Threat Monitor Reports, and Threat Intelligence Alerts, reported within 24 hours, for significant vulnerabilities and cyber campaigns. For Ransomware Insights specifically, we elaborate on the most targeted sectors and regions, as well as the most active ransomware groups, so organisations can proactively enhance their security posture based on the threat to their specific areas of operation.