Ransomware attacks surge 58% in July, breaking records

Recent data reveals a significant rise in ransomware attacks during the month of July, breaking previous records for the same period.

According to Blackfog's July State of Ransomware Report, there were 60 publicly disclosed attacks, marking a 58% increase from the previous year.

Darren Williams, CEO and Founder of Blackfog, provided insights into this surge, noting that July has historically been a quieter month for ransomware activities. However, this year has proven to be an exception.

Despite the United States being the primary target, Australia experienced a considerable uptick in attacks as well, with seven incidents reported. Different sectors were impacted, with the government sector experiencing the highest number of attacks at 15. Both the education and healthcare sectors reported nine attacks each. Noteworthy incidents included breaches in the Los Angeles County Superior Court, OneBlood, and Southern California's 911 services.

In terms of ransomware strains, both LockBit and Ransomhub were prominent, each accounting for five claimed victims. The report highlighted that July 2024 was not only the third busiest month of the year but also set the record for the highest number of attacks in any July to date. The month also saw the second-highest number of undisclosed attacks, totalling 406, with a staggering ratio of 677% undisclosed to disclosed attacks.

From a sectoral perspective, the arts and entertainment sector saw the most significant increase in attacks, with a 31% rise. This was followed closely by a 24% increase in government sector attacks. The education and healthcare sectors saw relatively modest increases of 19% and 14%, respectively. Medusa ransomware also saw a notable increase in activity, with a 19% rise in reported cases and a 14% rise in unreported cases. LockBit continues to outpace its rivals, maintaining a 200% lead over its nearest competitor.

The report also introduced a new element, monitoring ransomware payment rates. According to data from CoveWare, 43% of victims involving data exfiltration opted to pay the ransom, compared to an overall payment rate of 36%. This underscores the growing importance organisations place on protecting intellectual property and customer data. Currently, over 93% of ransomware attacks involve data exfiltration. China and Russia are the primary destinations for exfiltrated data, accounting for 16% and 6% of these incidents, respectively.

In related news, financial reports have unearthed the significant financial impact of a ransomware attack on LoanDepot earlier this year. The attack, attributed to the Alphv/BlackCat ransomware group, resulted in losses of approximately USD $27 million. Darren Williams remarked on the severity of the financial consequences, stressing the need for robust data protection measures. He emphasised that data remains the ultimate target for cybercriminals, and ransomware continues to be a highly profitable tool for them.

Williams further pointed out that the probability of businesses being attacked and suffering data theft is exceptionally high. Organisations must remain vigilant and implement measures to prevent such intrusions. The July report's findings of a 58% rise in ransomware attacks compared to the previous year and the fact that 93% of attacks involve data exfiltration highlight the critical necessity for strong cybersecurity protocols. Effective prevention strategies are vital to avoid the substantial financial burdens that can arise from ransomware incidents, burdens that can take months or even years to recover from.

The information provided in Blackfog's report and LoanDepot’s financial disclosures serves as a stark reminder of the escalating threat posed by ransomware. It underscores the need for constant vigilance and proactive measures to safeguard sensitive data against increasingly sophisticated cyber threats.