The first quarter of 2024 confirmed the growing trend of ransomware attacks affecting several sectors in France. With a diversity of targets and increasingly high ransoms, cybercriminals continue to spread panic. Small and medium-sized enterprises (SMEs) are particularly hard hit, accounting for 60% of attacks alone.
The data collected shows that cybercriminals are continuing to innovate and target new victims. SOS Ransomware takes a look at the most important statistics over the last few months.
Geographical distribution of ransomware attacks
The French regions most affected by ransomware attacks in the first quarter of 2024 are mainly located in Hauts-de-France, Ile de France and Auvergne-Rhône-Alpes. More than five attacks were recorded in these areas, which represent the main targets for cybercriminals at the start of the year. These statistics seem to indicate that major economic areas remain prime targets for attackers. This constant threat reminds us of the importance of remaining vigilant in the face of these threats, and of adopting reinforced security measures.
Fewer ransomware attacks claimed in March
The volume of ransomware attacks claimed in France during the first quarter of 2024 rose in January and February, reaching a peak of 19 attacks in February, before falling back to 5 in March. Overall, the number of attacks remained at the same level as at the end of 2023, as we had already noted in our January article. This fluctuation shows intense activity at the start of the quarter, followed by a slight lull, which could indicate a reorganization of cybercriminal groups or an adaptation of security measures by companies.
Will this respite last? However, we must not relax our cybersecurity efforts, as criminal groups never remain inactive for long…
Victim profile: small and medium-sized businesses still hard hit.
Small and medium-sized enterprises (SMEs) account for 60% of victims of ransomware attacks, followed by healthcare establishments (7%), and associations/foundations (7%).
This finding underlines the need for all organizations, regardless of size or sector, to strengthen their cybersecurity posture. While it seems that larger companies have taken better measure of the danger, allocating greater resources to their cybersecurity, this may not be the case for smaller businesses, which remain more vulnerable and less well-informed.
Most active ransomware groups: 8base and LockBit 3.0 still very present
Among the most active ransomware groups in France, 8base stands out with 10 claimed attacks, closely followed by LockBit 3.0 with 8. BlackBast, Cactus, Alphv (Blackcat) and others are falling behind, but are still in the running. The persistence of these groups demonstrates their effectiveness and adaptability, posing a constant challenge to cybersecurity defenders. Vigilance remains the watchword, and we must never relax our efforts.
Financial impact: average ransom demanded
The average ransom demanded by cybercriminals in the first quarter of 2024 is €250,000, a significant amount that can jeopardize the survival of many businesses, especially SMEs. This underlines the importance of preparation and effective response plans to minimize the financial impact of attacks. Once again, prevention is better than cure! In fact, don’t put off drawing up your DRP (Disaster Recovery Plan) until tomorrow – there’s a good chance it will already be too late!
Average time between attack and payment
The average time between a ransomware attack and the deadline for payment of the ransom is 33 days. This relatively short period of time puts intense pressure on victims, pushing them to act quickly, often without having the time to gather all the information needed for an adequate response. Indeed, ransom payments are not inevitable, and are even discouraged by the authorities.
Conclusion on ransomware statistics for the first quarter of 2024
Statistics for the first quarter of 2024 in France show sustained ransomware activity, with attacks concentrated geographically and mainly targeting SMEs. Attacks are numerous, ransoms high, and response times short.
In the face of these threats, international collaboration, as well as collaboration between the public and private sectors, awareness-raising and innovation remain essential pillars for strengthening our cybersecurity. By learning from these incidents, we can better prepare ourselves and protect our vital infrastructures from cybercriminals.
