Q2 2024 Represents Second Most Global Ransomware Attacks Reported by Corvus in a Quarter, Average Ransom Demand Increases by 102%.
BOSTON (August 20, 2024) — Corvus Insurance, a wholly owned subsidiary of The Travelers Companies, Inc., today released its Q2 2024 Cyber Threat Report, Ransomware Season Arrives Early. Featuring data collected from ransomware leak sites, the report identified 1,248 ransomware victims in Q2, the second most the company has recorded in a single quarter.
During the quarter, new ransomware groups, including PLAY, Medusa, RansomHub, INC Ransom, BlackSuit and some additional lesser-known factions, led a series of attacks that eclipsed the first quarter of this year by 16% and the second quarter of 2023 by 8%. These new threat actors emerged following the takedown of LockBit and BlackCat by international law enforcement.
Based on Corvus data, the Q2 report found that the average ransomware demand reached $1,571,667. That represents a quarterly increase of 102% and the highest figure Corvus has reported since the second quarter of 2022. The average ransom payment also reached a new high of $626,415.
According to the research, a company’s backup strategies can impact payouts. Businesses without robust backups are more than twice as likely to surrender to ransom demands during an attack. Conversely, organizations with effective backup strategies have incurred median claim costs 72% lower than their less-prepared counterparts.
Recognizing that many organizations possess valuable and sensitive information, ransomware operators have evolved their tactics by engaging in double-extortion schemes where operators encrypt data, exfiltrate it and then threaten to release it on the dark web. So far in 2024, data theft was involved in 93% of ransomware incidents observed by Corvus, up from 88% in 2023. Using double-extortion schemes, even organizations with secure backups may be forced to pay ransoms, often to prevent the exposure of stolen data.
“Data theft has become the technique employed by attackers to secure maximum payouts from their victims, whether or not they have secure backups,” said Jason Rebholz, Chief Information Security Officer at Corvus Insurance. “A robust security plan is never one layer deep. While a sound backup strategy is important, it cannot mitigate these threats alone. Businesses must utilize a multi-layered security strategy based on a resilient environment with fast detection and prevention capabilities.”
While the Corvus study found that industries most affected by ransomware attacks remained largely similar from the first quarter, Construction moved from second to first in the second quarter. In addition, Government and Oil and Gas joined the list, and ransomware attacks targeting the Software Development and IT Services and IT Consulting sectors were up 257% and 54%, respectively. RansomHub was responsible for 16% of the reported victims within the IT Services industry, followed by PLAY and BlackSuit, which accounted for an additional 18%.
To learn more, a webinar called “Q2 Cyber Threat Report: Ransomware Season Arrives Early” is scheduled for August 29 and will feature Corvus experts.
Contact:
Kerry Pillion
Corvus Insurance, a wholly owned subsidiary of The Travelers Companies, Inc., is building a safer world through insurance products that help to reduce cyber risk for policyholders. Corvus Insurance's Smart Cyber Insurance® and Smart Tech E+O® products include broad coverage, in-house claims handling, and risk prevention services that help prevent cyberattacks through threat alerts for policyholders and the partnership of our in-house cybersecurity experts.
Corvus Insurance offers insurance products in the U.S., Middle East, Europe, Canada, and Australia. Corvus Insurance, Corvus London Markets, and Corvus Germany are the marketing names used to refer to Corvus Insurance Agency, LLC; Corvus Agency Limited; and Corvus Underwriting GmbH. All entities are subsidiaries of Corvus Insurance Holdings, Inc. For more information, visit corvusinsurance.com.
![[LOGO] Corvus Insurance by Travelers](https://www.corvusinsurance.com/hubfs/Corvus%20by%20Travelers%20Logos/CORVUS-Travelers-SML-POS-RGB.svg "[LOGO] Corvus Insurance by Travelers")