January – March 2024
Q1 of 2024 closed with a significant year-over-year increase in both the number of reported ransomware victims and number of active ransomware groups. The quarter also revealed an increasingly volatile ransomware ecosystem—law enforcement disruptions appear to have temporarily slowed or shifted operational activities of Alphv and LockBit, two of the most prolific Ransomware-as-a-Service (RaaS) groups.
In the wake of these impacts, GRIT has observed attempts by smaller RaaS groups, including Medusa, Cloak, and Ransomhub, to recruit disaffected or displaced affiliates. New behavioral patterns, tactics and techniques from ransomware threat actors have also emerged as groups seek to adapt to the shifting RaaS ecosystem.
Manufacturing, Retail & Wholesale, Healthcare and Consulting organizations represent the majority of publicly posted ransomware victims, with Healthcare remaining as one of the most targeted industries.
The United States continues to bear the brunt of global ransomware attacks, followed by the United Kingdom, Canada, Germany, France and others. Notably, Sweden experienced the largest increase in reported victims with a threefold increase.
