Ransomware declined in January -- but don't celebrate just yet

The latest ransomware report from GuidePoint Security shows a decline in activity in January compared to the final quarter of last year, with a drop in the total number of posted victims by 33 percent and 60 percent relative to December and November 2023.

However, this is consistent with the trends of January of 2022 and 2023, both of which also followed heightened Q4 activity from the previous year.

The northern hemisphere continues to be most affected, with Canada, France, and the United Kingdom receiving disproportionate ransomware impacts relative to other countries in this region. The United States remains most affected, accounting for 55 percent of all observed posts.

Manufacturing still has the highest volume of victims. Interestingly though the retail and wholesale industry was among the most impacted in January at seven percent of observed victims, returning to its baseline share of victims after a dip in December 2023. Technology, consulting, education, healthcare, and legal sectors also place high among the most impacted industries, likely reflecting the continued practice of data exfiltration against victim organizations that house large volumes of sensitive data.

LockBit continues to be the ransomware market leader, accounting for 23 percent of posted victims in January. This remains within its typical range of 19-25 percent of total victim count observed over the past year.

January has also seen multiple law enforcement and government operations directed against ransomware actors, continuing an increase in announcements of operations targeting the ransomware threat that began in Q4 of 2023.

You can see more detail on the GuidePoint blog.

Image credit: 8vfand/Dreamstime.com