The ransomware crisis has markedly escalated during the second quarter of 2024, with new threat groups such as PLAY, Medusa, RansomHub, INC Ransom, and BlackSuit leading a surge in attacks. According to Corvus Insurance, ransomware incidents increased by 16% compared to the first quarter of this year and by 8% compared to the same period in 2023. This rise follows the recent international takedowns of major ransomware operators like LockBit and BlackCat, indicating a shift in the threat landscape as new actors fill the void left by these groups.
The financial impact of ransomware has also reached unprecedented levels. The average ransomware demand has skyrocketed to $1,571,667, marking a dramatic 102% increase from the previous quarter and the highest figure reported since Q2 2022. Additionally, the average ransom payment has surged to $626,415, setting a new record. This rise in demands and payouts reflects a growing trend among ransomware operators to seek larger sums from their victims.
The effectiveness of backup strategies plays a crucial role in determining the financial impact of ransomware attacks. Organizations lacking robust backup solutions are more than twice as likely to meet ransom demands compared to those with effective backup systems. Businesses with strong backup strategies have reported median claim costs that are 72% lower than those without. This underscores the importance of comprehensive backup solutions in mitigating the financial repercussions of ransomware incidents.
Ransomware operators have increasingly adopted double-extortion tactics, where they encrypt and exfiltrate data before threatening to release it publicly. This technique has been involved in 93% of ransomware incidents in 2024, up from 88% in 2023. Even organizations with secure backups may be pressured into paying ransoms to prevent the exposure of stolen data. The construction sector has emerged as the most targeted industry, while ransomware attacks on IT services and software development sectors have surged dramatically, highlighting the evolving and persistent nature of ransomware threats.
Reference:
