Are ransomware attacks declining in 2024? Depends who you ask
There’s no question ransomware remains a top threat for businesses and organizations around the world and across many sectors – but with recent shakeups including the government takedown of LockBit and apparent exit of ALPHV/BlackCat, are ransomware attacks actually declining in 2024?
It depends who you ask.
In a detailed roundup of Q1 2024 ransomware attacks, tech research company Comparitech noted a “significant decrease” in confirmed attacks; specifically, attacks more than halved from 336 in Q1 2023 to 142 last quarter.
However, the report also noted 939 unconfirmed ransomware attacks so far this year, pointing to a wide disparity between attacks claimed by ransomware groups and those publicly disclosed by victims.
Comparitech has been tracking unconfirmed attacks since April 2023. Its worldwide ransomware attack dashboard shows that unconfirmed attacks have consistently outnumbered confirmed attacks each month.
From April through December 2023, there was an average of about 300 unconfirmed ransomware attack claims each month, and an average of 336 each month in Q4 2023, compared with 313 average monthly attack claims last quarter. When these data are taken into account, any increase or decrease in ransomware attacks in 2024 narrows significantly.
Of course, the veracity of claims made by cybercriminals is always questionable. From scamming their own affiliates to posing as other threat actors, on top of the deception inherent phishing, the actions of these groups do little to garner trust in their claims.
There have also been cases of claimed victims outright denying any breach, as cybersecurity company Dragos did last November after appearing on ALPHV/BlackCat’s leak site.
At the same time, it is not unusual for victims of these attacks to avoid, or delay, publicly disclosing and attributing them. The noted in the FBI’s 2022 Internet Crime Report, “it has been challenging for the FBI to ascertain the true number of ransomware victims as many infections go unreported to law enforcement.”
BlackFog’s most recent monthly State of Ransomware report, which includes detections from BlackFog’s enterprise anti-data exfiltration solution, also noted an unreported to…
