Freely subscribe to our NEWSLETTER

Vendors within the security industry have recently reported a decreasing number of ransomware
attacks. This is NOT a trend we are seeing. In fact, we continue to see a large volume of attacks
consistent with previous months and the continued trend of under reporting.
Our data comes from many sources including the dark web and victims own public statements.
Attacks are still at historically high levels since we began recording attacks 4 years ago. As we
have also noted, unreported attacks continue to escalate and there is often considerable lag time
between an attack and disclosure. There is also a growing trend by organizations to delay, and
even cover up breaches due to the stigma associated with an attack.

In April we saw continued growth in education, government and healthcare of 19%, 20% and 24%
respectively, with the tech sector seeing the biggest growth of 40% this month. Unreported
attacks are now 10 times those of reported.

From a variant perspective we see that Lockbit continues to dominate with 20% of reported and
41% of unreported and is by far the dominant player right now. This month we have also seen a
high volume of attacks from Bast News as it continues to have success exfiltrating data.
Lastly, we see that exfiltration is now involved in 89% of all attacks with more than 41% going to
China and 10% to Russia.

Methodolgy:
This report was generated in part from data collected by BlackFog Enterprise over the specified
report period. It highlights significant events that prevented or reduced the risk of ransomware or
a data breach and provides insights into global trends for benchmarking purposes. This report
contains anonymized information about data movement across hundreds of organizations and
should be used to assess risk associated with cybercrime