Acronis Cyberthreats Update, April 2024


Alexander Ivanyuk Senior Director, Technology

Irina Artioli Cyber Protection Evangelist

Candid Wüest VP of Product Management

The Acronis Cyberthreats Update covers current cyberthreat activity and trends, as observed by Acronis analysts and sensors. Figures presented here were gathered in March of this year and reflect threats that we detected as well as news stories from the public domain. This report represents a global outlook and is based on more than one million unique endpoints distributed around the world.


Incidents of the month

Researchers have discovered that RedLine malware has been used to steal more than 170 million passwords in the past six months, making it the most notorious credential stealer during that period. RedLine accounted for 47% of all cyber incidents involving stolen passwords, surpassing Vidar, which pilfered more than 65 million passwords (17%). Raccoon Stealer, ranked third, was linked to over 42 million stolen passwords (11.7%). Malware strains Meta, Cryptbot, Risepro, StealC, AZORult, Aurora and Darkcrystal rounded out the top 10 credential stealers.

The data was sourced from known breached password lists analyzing 359 million stolen passwords over the last six months. These stolen passwords are then often sold on underground forums and consequently are used to breach organizations. This highlights the importance of multifactor Authentication (MFA) and zero trust access. Recently, more than 225,000 compromised ChatGPT accounts were discovered for sale on underground forums — many stolen by such credential stealers.


March malware detections

In March, Acronis Cyber Protect blocked 2.4 million malware threats on endpoints — a 26% increase from February.

The below table shows the percentage of Acronis clients that had at least one malware threat blocked at the endpoint (this number has been hovering around 12% for the last year), as well as the normalized percentage of clients with at least one malware detection. The higher the percentage, the higher the risk of a workload in that country being attacked by malware.



The aforementioned threats can be detected and mitigated with solutions from Acronis.

Acronis Cyber Protect Cloud protects against both known and never-before-seen threats through a multilayered protection approach. This includes behavior-based detection, AI/ML-trained detections and anti-ransomware heuristics, which can detect and block encryption attempts and roll back any tampered files automatically without any user interaction.

Additional advanced email security and URL filtering can help you protect against social engineering threats. And your Acronis #CyberFit score helps you quickly identify systems that need attention, while the integrated patch management makes updating your software to the latest versions simple.

Advanced Security + Endpoint Detection and Response (EDR) for Acronis Cyber Protect Cloud brings the visibility needed to understand attacks while simplifying the context for administrators and enabling efficient remediation of any threats.

Learn more about Acronis’ approach to cyber protection.