ransomware tracker graph

Ransomware tracker: The latest figures [April 2024]

Note: this Ransomware Tracker is updated on the second Sunday of each month to stay current

Although ransomware gangs started 2024 off at a slow pace, attacks have picked up across several key sectors with government agencies especially at risk.

Ransomware gangs posted 24 government-related victims to their extortion sites in March — up from the 19 victims in the previous month, and 13 victims in January.

In the last month alone, the cities of Birmingham, Alabama, and East Baton Rouge, Louisiana said that security incidents disrupted public services, while Jackson County in Missouri was forced to declare a state of emergency after discovering a ransomware attack.

Additionally, the Florida Department of Juvenile Justice in Tallahassee admitted to local news outlets that it was dealing with a cyberattack that forced some systems offline. New York City took a city payroll website offline and after dealing with a phishing incident, while the Tarrant County Appraisal District — which determines property values for tax purposes in the Fort Worth area — said it was hit by a ransomware attack.

Attacks on healthcare providers also increased slightly in March, according to data collected by Recorded Future from extortion sites, government agencies, news reports, hacking forums and other sources.

One hack in particular that targeted Change Healthcare has resulted in disruptions for pharmacies and hospitals for weeks. The attack was attributed to the BlackCat/Alphv group, which is also suspected of attempting an elaborate exit scam against its affiliates. Law enforcement had tried to disrupt the cybercrime gang in a December takedown.

"I think one of the big things we saw in February was the re-emergence of ALPHV after the takedown. Their numbers were way down, compared to before [the takedown], but they were trying to make a comeback," said Allan Liska, a Recorded Future ransomware expert who helps track and analyze the data.

"I think we’re staring to see that takedowns, especially large ones, do have a temporary dampening effect, but ransomware remains resilient. After the LockBit takedown and the ALPHV implosion, the next few months will be interesting to watch," Liska added.

In late August, the FBI dismantled the Qakbot ransomware gang's infrastructure and removed ransomware from infected devices.

Similarly, the Ragnar Locker ransomware site was taken down by law enforcement towards the end of 2023 in an international action. Around the same time, Ukrainian hackers said they wiped the servers of the Trigona ransomware gang, which allegedly was tied to Russia.

2024_0412 - Ransomware Tracker_Most Prolific Groups.jpg
2024_0412 - Ransomware Tracker_Reported Ransomware Attacks on Healthcare Providers.jpg
2024_0412 - Ransomware Tracker_Reported Ransomware Attacks on State and Local Governments.jpg
2024_0412 - Ransomware Tracker_Reported Ransomware Attacks on School Districts.jpg
2024_0412 - Ransomware Tracker_Potential Schools Impacted.jpg

Graphs from this ongoing project can be shared and reproduced with proper attribution.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles
Adam Janofsky

Adam Janofsky

is the founding editor-in-chief of The Record from Recorded Future News. He previously was the cybersecurity and privacy reporter for Protocol, and prior to that covered cybersecurity, AI, and other emerging technology for The Wall Street Journal.