Halcyon Ransomware Malicious Quartile Q1-2024
Explore the latest reports by the experts at Halcyon
Executive Summary
Ransomware attacks in 2023 broke nearly all previous records, with the majority (75%) of organizations reporting being targeted by at least one ransomware attack, and 26% reporting they were targeted with ransomware four or more times. All in all, the volume of attacks surged in 2023 by 55.5% year-over-year, and a report from Chainalysis revealed that payments to ransomware operators exceeded $1 billion in 2023, breaking all previous estimations.
However, the first quarter of 2024 is telling a bit of a different story, with some research indicating that ransomware attacks may have decreased by 20% or more from levels observed in the last quarter of 2023. Several factors may be at play in prompting the drop in attacks, including law enforcement actions against two of the top ransomware-as-a-service (RaaS) platform providers—LockBit and BlackCat/ALPHV—as well as a push by governments and some security experts to ban ransomware payments.
Other factors may include a decrease in the mass exploitation of patchable vulnerabilities like we saw with the massive MOVEit campaign, and a possible “exit scam” by one of the disrupted ransomware gangs that has undermined trust in the profit-sharing RaaS business model. So, does this mean we are finally getting the upper hand in the fight against ransomware?
It’s far too soon to tell, and while we may see significant disruptions in some of the most pervasive operations, these gains are likely short-term. Rather than getting too optimistic that we have found the magic combination of efforts that will result in a sustained decrease in ransomware attacks, it is much more likely that we are simply in the eye of the storm. Ransomware attacks remain extremely profitable, relatively easy to carry out, and the offenders face little-to-no potential consequences for their activities.