In the second quarter of this year, a surge in ransomware attacks was observed, with new groups such as PLAY, Medusa, RansomHub, INC Ransom, BlackSuit, and other lesser-known factions leading the way. According to Corvus Insurance, these attacks surpassed those of the first quarter of the year by 16% and exceeded the numbers from the second quarter of 2023 by 8%. The emergence of these new threat actors followed the dismantling of LockBit and BlackCat by international law enforcement agencies.
Corvus data indicates that during the second quarter, the average ransomware demand spiked to $1,571,667, marking a significant 102% increase from the previous quarter. This figure represents the highest demand reported by Corvus since the second quarter of 2022. Additionally, the average ransom payment reached a new high of $626,415. The research also revealed that companies with weak backup strategies are more likely to give in to ransom demands during an attack. On the other hand, organizations with robust backup systems have experienced median claim costs that are 72% lower than those of their less-prepared counterparts.
Ransomware operators have adapted their tactics to target organizations with valuable and sensitive information. They have increasingly engaged in double-extortion schemes, where they encrypt data, extract it, and then threaten to release it on the dark web. In 2024, data theft was involved in 93% of ransomware incidents, up from 88% in 2023. Even companies with secure backups may end up paying ransoms to prevent the exposure of stolen data, highlighting the evolving nature of these attacks.
Jason Rebholz, CISO at Corvus Insurance, emphasized the importance of a multi-layered security strategy to combat ransomware threats effectively. While having a solid backup plan is crucial, it is not sufficient on its own to mitigate these evolving threats. Businesses need to implement resilient security measures with fast detection and prevention capabilities to safeguard against ransomware attacks.
Industry trends revealed that the Construction sector experienced the highest number of ransomware attacks in the second quarter, moving from second place in the previous quarter to the top spot. Additionally, Government and Oil and Gas industries joined the list of sectors most affected by ransomware attacks. Notably, ransomware incidents targeting the Software Development, IT Services, and IT Consulting sectors saw significant increases.
RansomHub, PLAY, and BlackSuit were identified as the top perpetrators of ransomware attacks within the IT Services industry, collectively accounting for a significant portion of reported victims. This data underscores the importance of implementing robust cybersecurity measures across industries to mitigate the growing threat of ransomware attacks.