Black Kite Ransomware Report January 2024

An In-Depth Analysis of the Latest Ransomware Trends and Threat Landscape

Dive into the constantly shifting world of ransomware, as we uncover the latest tactics, dissect the most prolific actors, and offer insights to keep your organization one step ahead.

The number of victims of ransomware attacks that were announced by the threat actors decreased from over 360 last month to 295 this month. It seems that the groups behind these attacks are experiencing a slow start to the year, much like any other business.

The group known as AlphV/Black Cat is still trying to recover from the damage they sustained from the FBI and other law enforcement agencies. They are not as effective as they once were, but with the help of other groups, we expect to see more victims targeted by them in the coming months. Akira and 8base are now in second and third place, respectively, while Lockbit remains the dominant player.

Lockbit appears to be less strict about their ground rules regarding not attacking NGOs and hospitals.

Although the number of victims is similar to that of last month, the educational sector has become the third most attacked sector this month, having been in fifth place last month.

01Threat Actor Distribution

Other accounted for 59 victims, representing 17.8% of total activity.
Play followed with 36 disclosures.
RansomHub and Akira remained consistently active.

02Geographic Distribution

USA represented 52.5% of all tracked victims.
Others was among the next most impacted countries.
UK and Canada also saw notable activity.

03Industry Distribution

Manufacturing remained the most targeted sector.
Professional Services followed as a heavily impacted sector.
Construction and Health Care continued to be operationally critical targets.

04Threat Actor × Country Matrix

The matrix below shows how leading ransomware groups distributed their activity geographically.

Others

Arcus Media

El Dorado

Black Suit

Cactus

Qilin

INC Ransom

Medusa

Akira

RansomHub

Play

USA

Canada

Germany

Italy

Brazil

India

Spain

France

Japan

Argentina

Australia

Ireland

Others

USA activity was heavily concentrated in Others.
Some actors demonstrated narrow targeting patterns.

05Threat Actor × Industry Matrix

This view highlights sector specialization across leading ransomware groups.

Others

RansomHub

Arcus Media

BlackSuit

Akira

Play

El Dorado

Qilin

Cactus

Medusa

INC Ransom

Agriculture & Fishing

Mining

Utilities

Construction

Manufacturing

Wholesale Trade

Retail Trade

Transportation

Information

Finance and Insurance

Real Estate

Professional Services

Administrative

Educational Services

Health Care

Arts & Entertainment

Accommodation

Other

Public Administration

Manufacturing activity was heavily concentrated in Others.
Some actors demonstrated narrow targeting patterns.

06Six Month Trend Context

07Key Takeaways

332 ransomware disclosures were observed in January 2024.
Other led activity with 59 victims.
USA accounted for 52.5% of disclosures.
Manufacturing remained the most targeted industry.

08Data Methodology and Sources

Victim counts are based on publicly disclosed ransomware leak site postings tracked during the reporting period.
Each victim is attributed to a single threat actor based on disclosure source.
Industry classification is assigned using standardized sector mapping.
Country attribution is based on headquarters location where identifiable.

Ransomware Report January 2024

An In-Depth Analysis of the Latest Ransomware Trends and Threat Landscape

Dive into the constantly shifting world of ransomware, as we uncover the latest tactics, dissect the most prolific actors, and offer insights to keep your organization one step ahead.

01Threat Actor Distribution

02Geographic Distribution

03Industry Distribution

04Threat Actor × Country Matrix

05Threat Actor × Industry Matrix

06Six Month Trend Context

07Key Takeaways

08Data Methodology and Sources

Accelerate Risk Decisions, Cut the Noise.