A graphic representing a ransomware alert. On March 6, ransomware group ALPHV/Black Cat conducted an exit scam following their large-scale attack on Change Healthcare, which affected medical practices and pharmacies across the United States. Photo: RareStock via Adobe Stock

The first quarter of 2024 was the most active Q1 ever recorded on ransomware leak sites, a new study from Corvus found, with 1,075 victims reported. Though this is down from a peak of 1,278 victims in Q3 2023, it is a 21% increase from Q1 2023.

The industries that are most frequently targeted by ransomware groups has remained pretty steady in recent years, with 37.4% of the targets falling into the following industries:

  • Information technology and services (6.4%)
  • Construction (5.9%)
  • Hospital and health care (4.2%)
  • Machinery (4.2%)
  • Law practice (3.4%)
  • Automotive (2.8%)
  • Retail (2.8%)
  • Real estate (2.7%)
  • Government administration (2.6%)
  • Mechanical or industrial engineering (2.5%)

The good news is that two significant changes happened among ransomware groups in Q1 2024. The first of these occurred in February, when an international operation targeted the infrastructure of LockBit. This resulted in the confiscation of 24 servers and the immobilization of 200 crypto accounts linked to the group. Prior to this, LockBit averaged 76 new cyber victims per month on its dark web leak site. The servers hosting the leak sites were seized by law enforcement, and details of LockBit's operation and infrastructure were posted in an attempt to cause not just infrastructural, but also reputational damage to the group.

Want to continue reading?
Become a Free PropertyCasualty360 Digital Reader

Your access to unlimited PropertyCasualty360 content isn’t changing.
Once you are an ALM digital member, you’ll receive:

  • Breaking insurance news and analysis, on-site and via our newsletters and custom alerts
  • Weekly Insurance Speak podcast featuring exclusive interviews with industry leaders
  • Educational webcasts, white papers, and ebooks from industry thought leaders
  • Critical converage of the employee benefits and financial advisory markets on our other ALM sites, BenefitsPRO and ThinkAdvisor
NOT FOR REPRINT

© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.

Brittney Meredith-Miller

Brittney Meredith-Miller is assistant editor of PropertyCasualty360.com. She can be reached at [email protected].

Commercial Lines
Information Security
Cybersecurity