Ransomware Activity Peaks in Late 2024
The final quarter of 2024 witnessed an unprecedented surge in ransomware incidents, marking the highest quarterly activity ever recorded. During this period, 1,663 victims were publicly disclosed on leak sites, representing a substantial 32% increase from the preceding quarter, according to a comprehensive report from Travelers Cos. Inc.
2024 signaled a paradigm shift in the tactics employed by ransomware groups, moving away from widespread exploitation of vulnerabilities to more consistent and repeatable strategies for identifying targets. This evolution marked the year as one of ‘scalability’ for these cybercriminals, the report highlighted.
Escalating Annual Figures and Emerging Threats
Throughout 2024, the number of ransomware attack victims documented on leak sites reached an alarming 5,243, showing a 15% increase over the 4,548 cases recorded in 2023, as per Travelers’ findings. A notable development last year was the emergence of 55 new ransomware groups, reflecting a dramatic 67% rise in the formation of such groups compared to the previous year.
In stark contrast to the third quarter of 2023, when a spike in ransomware activity was largely driven by opportunistic exploitation of vulnerabilities in widely-used networking and software solutions, the fourth quarter of 2024 presented a different scenario. Ransomware operatives shifted focus to exploiting weak credentials on VPN and gateway accounts that lacked the protection of multifactor authentication, establishing more reliable and repeatable entry methods into victim networks.
