Corvus: Ransomware Attacks Reach Record High as Cybercriminals Adapt and Evolve

November 2023 has been marked by a significant surge in ransomware activities. According to the latest data from Corvus Insurance, a staggering 484 new victims were posted on ransomware leak sites. This figure not only represents a 39.08% increase from October but also a worrying 110.43% rise compared to the same period last year.

This trend is not new; it's the eleventh consecutive month to witness a year-over-year increase in ransomware victims, with the count consistently exceeding 300 for the past nine months. The pivot of threat actors towards software exploits and the deployment of new malware variants has been identified as a key driver behind these escalating numbers.

The trend in November contrasts starkly with the brief respite seen in October, when ransomware victims on leak sites decreased by 15.12%. However, November's figures quickly rebounded, setting a new record for the number of victims. This is the third time in 2023 that the record for the highest number of ransomware leak site victims has been broken, with the last major peak observed in November 2021.

So Why The Change?

One of the critical factors in the fluctuating numbers was the takedown of the Qakbot malware network. Despite being taken offline by international law enforcement, Qakbot remained a dominant malware strain, especially in email-based attacks, as reported by Fortra PhishLabs.

An analysis of November's data reveals a distinct pattern in ransomware group activities. LockBit emerged as the most active group with 121 victims, followed by other notorious groups like PLAY, ALPHV, BlackBasta, and 8Base. Notably, November 2023 ranked as LockBit's third most active month, indicating a resurgence in its operations.

The increased activity of ransomware groups like LockBit can be partly attributed to new vulnerabilities being exploited, such as CitrixBleed. Additionally, the pivot to other infostealer malware like DarkGate and Pikabot, in the wake of QBot's shutdown, underscores the adaptability of ransomware operators.

Organizations Need to Stay Vigilant

The current landscape indicates a rapid adaptation by ransomware groups to circumvent cybersecurity measures. Their shift to leveraging software exploits and diversifying malware families is proving effective in penetrating corporate networks. As cybercriminals continue to evolve their strategies, the need for robust and real-time cybersecurity responses has never been more critical.