Global Ransomware Attacks Spiked Along with Payments and Demands in Q2: Corvus

Ransomware groups increased their activity significantly in the second quarter, a new report from a Travelers subsidiary shows.

The report from Corvus Insurance details attacks against 1,248 victims, a 16% increase from the previous quarter. The company’s Q2 2024 Cyber Threat Report shows groups like PLAY, Medusa, RansomHub, INC Ransom and Blacksuit were at the forefront of the attacks.

The report found the average ransomware demand hit $1.5 million, a quarterly increase of 102% and the highest figure Corvus has reported since the second quarter of 2022. The average ransom payment also reached a new high of $626,415.

An organization that lacks backups is 2.38 times more likely to have its hand forced in a ransom situation, according to the Corvus data report.

Organizations with effective backup strategies, including immutable backups and what Corvus refers to as a “3-2-1” strategy, in which multiple copies of data are stored in locations segregated from the primary network, tend to fare better financially. Among Corvus policyholders that reported ransomware incidents, the median claim cost for those with backup strategies in place was 72% lower, the report shows.

The report also shows ransomware operators are finding new methods to secure their demands and get big paydays from organizations. They have begun to employ double-extortion tactics in which operators encrypt data, exfiltrate it and then threaten to release it on the dark web. Using data theft in ransomware attacks increases the likelihood of organizations paying the ransom, since they run the risk of sensitive information being leaked even with secure backups. So far in 2024, data theft has been involved in 93% of ransomware incidents observed by Corvus.

Industries most affected by ransomware attacks include construction, which saw a 20% quarter-over-quarter increase in attack activity. The uptick moved construction from second to first on the list of most frequently targeted industries in the second quarter.

The software development sector saw a 257% quarter-over-quarter increase, government and administration had a 71% increase, IT services and IT consulting had a 54% increase and hospitality had a 50% increase, the report shows.

“As we close the chapter on Q2 of 2024, it’s evident that the ransomware landscape is developing a knack for disruption,” the report states. “The parallels drawn between the unpredictability of natural disasters and the volatile nature of cyber threats have never been more apt. Just as Hurricane Beryl set a new precedent in meteorological history, the digital storms of ransomware are charting their own destructive course, leaving indelible marks on the fabric of disparate industries.”