Ransomware attacks were analyzed in a recent report by Corvus Insurance. According to the report, while Q4 attacks were down slightly from Q3 2023, ransomware activity for the year surpassed 2022 totals by 68%.

Last year, ransomware attacks increased each of the first three quarters and then declined slightly in Q4. Q4 attacks dropped by 7% from Q3, with 1,278 victims observed on ransomware leak sites. Despite this sequential quarterly drop, Q4 2023 activity was still up year over year. In addition, 2023 established a new record for ransomware attacks with 4,496 total leak site victims, compared to 2,670 in 2022 and 3,048 in 2021.

While international law enforcement took down the Qakbot malware network in Q3, it still accounted for 31% of the total ransomware volume for the quarter. Its absence in Q4, along with the threat actors’ search for new capabilities to fill the void, likely contributed to the lower-than-expected number of ransomware victims and the slight decrease in victims in Q4.

The number of active ransomware groups increased by 34% between Q1 and Q4 2023. This increase can be attributed to the fracturing of well-known ransomware groups that leaked their proprietary encryptors on the dark web, making them available to new actors who started ransomware operations. For example, at least 10 new ransomware groups have used Babuk’s encryptor, which leaked in 2021.

In Q3, the ALPHV/BlackCat ransomware group accounted for nearly a quarter of all victims in the legal industry (23.5%). This number declined by 8.8% in Q4, likely the result of law enforcement disruption that occurred in December.

The transportation, logistics and storage industry experienced consistent increases throughout 2023. Lockbit 3.0 accounted for 22% of victims, while ALPHV/BlackCat made up 15.87%. Given the nature of the work, businesses in this industry are sensitive to business interruption and may present attractive targets to threat actors looking to put pressure on victims to pay for decryption.

Read the full report here.