Ransomware claims reached an all-time high in November 2024, with Corvus Insurance reporting 632 victims claimed on ransomware groups’ data leak sites (DLS).
More than double the monthly average of 307 victims, the November count exceeds the previous peak of 527 victims recorded in May 2024.
According to a December 11 report by Corvus, these record numbers can be attributed to heightened activity by several ransomware groups, especially RansomHub and Akira.
Since its emergence in February 2024, RansomHub has consistently increased its number of claims each month, capping off with November’s total of 98.
Akira is a more established ransomware group that appeared in March 2023. Since then, the group has maintained a steady stream of activity up to October 2024, claiming between six and 30 victims each month. However, in November, the group seemingly ramped up its operations, with 73 claimed victims.
“Other groups, including Kill Security, SAFEPAY, and Qilin, also played prominent roles in November's ransomware activity. Together, the top five groups were responsible for nearly 50% of the month’s [ransomware claims],” Corvus analysts added.
The data in this report is based on claims from ransomware groups' data leak sites and may not fully represent the overall ransomware activity.