Global ransomware attacks increased with payments and demands in T2: Corvus

Ransomware groups increased their activity significantly in the second quarter, a new report from a Travelers subsidiary shows.

The report from Corvus Insurance details attacks against 1,248 victims, a 16% increase from the previous quarter. The company’s Q2 2024 Cyber ​​Threat Report shows that groups such as PLAY, Medusa, RansomHub, INC Ransom and Blacksuit were at the forefront of attacks.

The report found that the average ransomware demand reached $1.5 million, a 102% quarterly increase and the highest figure reported by Corvus since the second quarter of 2022. The average ransom payment also reached a new maximum of 626,415 dollars.

According to the Corvus data report, an organization with no backups is 2.38 times more likely to be forced into a ransom situation.

Organizations with effective backup strategies, including immutable backups and what Corvus calls a “3-2-1” strategy, where multiple copies of data are stored in locations separate from the primary network, tend to fare better from from a financial point of view. Among Corvus policyholders who reported ransomware incidents, average claim costs for those with backup strategies were 72 percent lower, the report found.

The report also shows that ransomware operators are finding new methods to secure their demands and get a big payday from organizations. They began using double extortion tactics where operators encrypt data, exfiltrate it, and then threaten to release it on the dark web. The use of data theft in ransomware attacks increases the likelihood that organizations will pay the ransom, as they risk sensitive information being leaked even with secure backups. So far in 2024, data theft has been involved in 93% of ransomware incidents observed by Corvus.

Industries most affected by ransomware attacks include construction, which saw a 20% quarter-on-quarter increase in attack activity. The increase moved construction from second to first on the list of industries most frequently targeted in the second quarter.

The software development sector grew 257% quarter-on-quarter, government and administration grew 71%, IT services and IT consulting grew 54%, and hospitality grew 50%, it shows the report.

“As we close the chapter on the second quarter of 2024, it is clear that the ransomware landscape is developing a knack for disruption,” the report said. “The parallels drawn between the unpredictability of natural disasters and the volatile nature of cyber threats have never been more apt. Just as Hurricane Beryl set a new precedent in meteorological history, digital ransomware storms are charting their own destructive course, leaving indelible marks on the fabric of disparate industries.”