Q3 Cyber Threat Report: The Ransomware Ecosystem is Increasingly Distributed
Ransomware attacks remained high in Q3 2024, with groups targeting sectors like Construction and Healthcare, often exploiting weak VPN credentials.
Threat actors are starting Fall off by increasing ransomware numbers. Here’s what you need to know.
Attacks picked up by 5.12% from August and remained high YoY (79.82% increase). September is the eighth month in a row with a YoY increase in ransomware victims, the sixth month in a row with victim counts above 300, and the fourth month this year with victim counts above 400.
We discovered a leak site in September belonging to a new ransomware group: LostTrustTeam. While the website featured 52 victims, we did not include these in September’s total numbers as we are uncertain when the attacks occurred. However, with their inclusion, September’s total would stand even higher at 462 victims.
This year’s Summer slowdown was shorter and came later than expected. If you blinked, you probably missed it. After two record-breaking months in June and July, ransomware decreased slightly in the first half of August. September shows a notable return to activity for ransomware gangs which, following seasonal patterns will likely continue to increase in Q4.
As we have reported for the past several months, the CL0P ransomware group utilized exploits to amass large numbers of victims, further inflating ransomware numbers for several months out of the year. Their campaign against MOVEit file transfer and storage software appears to have ended with no activity in September. The graph below shows ransomware metrics with CL0P removed from the analysis. While mass exploits add considerably to the total number of ransomware victims, there is a clear trend of steady increases even without CL0P’s outsized contribution. Viewed in this new light, September would actually be the most active month of 2023 without victims from mass exploits. The Q4 increase is also more stark.
Newly discovered leak sites this month include LostTrustTeam, ThreeAM, and CiphBit.
Group |
Date Discovered |
Victim Count |
LostTrustTeam |
9/26/2023 | 52 |
ThreeAM |
9/14/2023 | 10 |
CiphBit |
9/12/2023 | 8 |
Corvus will continue to monitor the threat landscape to protect insureds and contribute to the collective defense of the community.