Ransomware activity in Q4 reaches highest level: Travelers

The fourth quarter of 2024 saw the highest level of ransomware activity recorded in any single quarter to date, with a total of 1,663 known victims posted on leak sites, a “significant” 32% increase from the third quarter, according to a report Thursday based on intelligence research conducted by Travelers Cos. Inc.

Fourth-quarter data continued to show a shift away from mass-scale vulnerability exploits and toward more “repeatable” methods of identifying targets, making 2024 a year of “scalability” for ransomware groups, the report said.

For the full year, the number of ransomware attack victims posted on leak sites in 2024 reached 5,243, a 15% increase from the 4,548 incidents recorded in 2023, according to Travelers.

Last year also saw 55 new ransomware groups emerge, a 67% increase in group formation from the previous year.

During the previous peak of such leaks during third-quarter 2023, much of the increase in ransomware leak site activity was attributed to opportunistic exploits of vulnerabilities found in common networking and software products, the report said.

This contrasts activity in fourth-quarter 2024, “when we saw ransomware actors instead find reliable and repeatable methods to gain access to victim networks, such as targeting weak credentials on VPN and gateway accounts that weren’t protected by multifactor authentication.”