Blackfog January State of Ransomware Report
February 2024 by Dr Darren Williams, CEO and Founder at Blackfog
BlackFog has today released the State of Ransomware Report for January. This report contains detailed statistics on the latest ransomware attack tactics, active threat groups, and a breakdown of attacks by countries and industries. Darren Williams, CEO and Founder, BlackFog, has offered perspectives on the last month of ransomware attacks, below:
“We begin 2024 with a record January and second highest number of attacks ever, in fact, 130% more than in 2023. Similarly, unreported attacks increased 75% over the previous year. On a more positive note, the ratio of unreported to reported attacks fell to a new low of 364%, suggesting that the new regulations introduced by the SEC in December are having a significant effect on ransomware reporting.
From an industry perspective we saw education under siege with 14 attacks, more than 75% greater than last year’s clear favourite, the healthcare sector. Rounding out the top 4 sectors we saw healthcare at 8, manufacturing 7 and government at 6. Even at this early stage we are seeing a similar breakdown by country as we saw throughout 2023 with USA at 57% and UK at 8% and Singapore in 3rd place with 4% of attacks.
LockBit continues to dominate as the main ransomware variant with 29.4%, which is also reflected in the number of unreported attacks at 30.9%. This month we also saw Akira move into second place with 11.8%, followed by BlackCat at 9.8%.
Finally, data exfiltration continues to dominate the news and is now the primary goal of all attackers, at 91% of all ransomware. We are now seeing extortion continue for years after the initial attack, even if the victim paid the initial ransom. There are so many ways to leverage data once it has been exfiltrated. Lastly, we see that China and Russia continue to dominate as the leading destinations for exfiltrated data with 18% and 8% respectively.”