Ransomware Rising Despite Takedowns, Says Corvus Report

New ransomware gangs have already filled the void left by LockBit and ALPHV/BlackCat in the first quarter of 2024, according to a new report by Corvus Insurance.

In its latest ransomware report, Ransomware Groups Don’t Die, They Multiply, published on April 30, the cyber insurance firm found that ransomware activity increased by 21% in the first quarter of 2024 compared to the same period in 2023.

This is based on the number of victims reported on ransomware groups’ leak sites detected by Corvus.

Although lower than in the second half of 2023, the number of recorder victims for Q1 2024, at 1,075, is significantly higher than at the same period in 2023, at 699.

“Despite significant disruptions for high-profile ransomware gangs LockBit and BlackCat, Q1 2024 became the most active first quarter ever recorded,” Corvus explained.

The insurance firm argued that many LockBit and BlackCat affiliates have merely dispersed and shifted to other ransomware groups instead of halting their operations.

Corvus data shows recent upticks in activity from other ransomware groups, such as Black Basta, Akira, Hunters International and BianLian.

New ransomware gangs filled the void left by LockBit and BlackCat [with] 18 new leak sites emerging throughout Q1 – higher than any other quarter, according to Corvus.

Information technology and services were the most targeted industries during the first quarter of 2024, representing 6.4% of the victims. Medical specialists experienced the most significant increase in ransomware attacks (+38%).