Note: this Ransomware Tracker is updated on the second Sunday of each month to stay current

Although ransomware gangs started 2024 off at a slow pace, attacks picked up across several key sectors throughout February.

Ransomware gangs posted 310 victims to their extortion sites in February — up from the 242 victims in the previous month, and 229 victims in February 2023.

Attacks on healthcare providers as well as state and local governments also increased in February, according to data collected by Recorded Future from extortion sites, government agencies, news reports, hacking forums and other sources.

One hack in particular that targeted Change Healthcare has resulted in disruptions for pharmacies and hospitals for weeks. The attack was attributed to the BlackCat/Alphv group, which is also suspected of attempting an elaborate exit scam against its affiliates. Law enforcement had tried to disrupt the cybercrime gang in a December takedown.

“I think one of the big things we saw in February was the re-emergence of ALPHV after the takedown. Their numbers were way down, compared to before [the takedown], but they were trying to make a comeback,” said Allan Liska, a Recorded Future ransomware expert who helps track and analyze the data.

“I think we’re staring to see that takedowns, especially large ones, do have a temporary dampening effect, but ransomware remains resilient. After the LockBit takedown and the ALPHV implosion, the next few months will be interesting to watch,” Lisa added.

In late August, the FBI dismantled the Qakbot ransomware gang’s infrastructure and removed ransomware from infected devices.

Similarly, the Ragnar Locker ransomware site was taken down by law enforcement towards the end of 2023 in an international action. Around the same time, Ukrainian hackers said they wiped the servers of the Trigona ransomware gang, which allegedly was tied to Russia.

2024_0308 - Ransomware Tracker_Most Prolific Groups.jpg

2024_0308 - Ransomware Tracker_Reported Ransomware Attacks on Healthcare Providers.jpg

2024_0308 - Ransomware Tracker_Reported Ransomware Attacks on State and Local Governments.jpg

2024_0308 - Ransomware Tracker_Reported Ransomware Attacks on School Districts.jpg

2024_0308 - Ransomware Tracker_Potential Schools Impacted.jpg

Graphs from this ongoing project can be shared and reproduced with proper attribution.

Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.