Ransomware activity surged globally in the first quarter of 2024, with a total of 1,075 victims reported on leak sites.


LockBit and ALPHV/BlackCat experienced disruptions due to international law enforcement operations, leading to the emergence of new ransomware groups like Black Basta, Akira [1], Hunters International [1] [4], and BianLian [1]. Affiliates from LockBit and BlackCat shifted their operations to these new groups. The Information Technology and Services industry was the most targeted, with a significant increase in attacks on medical specialists. Additionally, 18 new leak sites appeared in Q1 2024, bringing the total number of active leak sites to 60 [3] [4]. Corvus Insurance highlighted the continued growth of ransomware activity in 2024, with industries such as Information Technology [2] [3], Construction [3], Healthcare [3] [4], and Legal being heavily impacted. Chief Information Security Officer Jason Rebholz stressed the importance of maintaining strong cybersecurity practices to combat this criminal activity [3].


The ransomware surge in Q1 2024 has had significant impacts on various industries, particularly Information Technology [3], Construction [3], Healthcare [3] [4], and Legal [3]. It is crucial for organizations to prioritize cybersecurity measures to mitigate the risks posed by ransomware attacks. Looking ahead, continued vigilance and proactive security measures will be essential in combating the evolving threat landscape.


[1] https://www.infosecurity-magazine.com/news/ransomware-rising-takedowns-corvus/
[2] https://techkranti.com/30-apr-24-in-security-news-today/
[3] https://programbusiness.com/news/q1-2024-sets-record-for-most-ransomware-attacks-in-a-q1-corvus/
[4] https://finance.yahoo.com/news/q1-2024-sets-record-most-130000396.html