Skip to navigation Skip to main content Skip to footer

NCC Group Monthly Threat Pulse – Review of August 2024

26 September 2024

Global ransomware attacks continue to climb month on month.

  • Total ransomware cases in August were 14% higher month on month, at 450 attacks.
  • RansomHub shows a continued hold on the threat landscape with 16% of attacks.
  • Industrials continue to climb as the most targeted sector, accounting for 24% of attacks.
  • North America and Europe accounted for 80% of all cases.

August 2024 — In August, global levels of ransomware attacks increased both month on month and year on year. According to NCC Group’s August Threat Pulse, there were 450 attacks in total, a jump from the previous month’s figures of 395 and the previous year’s figures of 389.

RansomHub in top position as most prevalent threat actor

RansomHub maintains the top position as the most active threat actor this month, with 72 attacks. This is up from 43 in July, a huge 67% increase from last month. RansomHub attacks accounted for 16% of all activity for the month and reflect a continued hold on the threat landscape by the group.

Meow secured the second position with 41 attacks, followed by LockBit 3.0 in third with 29 attacks and Play fourth with 27 attacks.

The record for the largest known ransom to date was broken in August, as a Fortune 50 company paid a record-breaking $75 million ransom to the Dark Angels ransomware organisation, beating the previous $40 million.

 

North America and Europe face 80% of attacks

North America remained the most targeted region, representing 52% of total global attacks (232). Europe followed with 28% of attacks (125), a large increase from 83 in July.

Asia and South America experienced a modest rise, with attacks retrospectively increasing from 41 and 18 in July to 42 and 21 in August. Africa also saw an increase, from 10 to 14 incidents.

 

Consumer Discretionary rivals Industrials for most targeted sector

The Industrials sector remains the most targeted sector. Accounting for 24% (109) of attacks in August, these figures reflect the continued interest by threat actors in targeting critical national infrastructure (CNI). Following closely behind is Consumer Discretionary with 104 attacks and in joint third position, Information Technology and Healthcare with 46 attacks.

 

Spotlight: Ransomware hits the Grand Palais during Paris Olympics

During the Paris Olympics, a ransomware attack targeted the Grand Palais and around 40 other museums in France. Despite the disruption to these cultural sites, the Olympic Games remained unaffected. This incident was part of a broader wave of cyber attacks on critical infrastructures, including government entities and transport networks.

The French cyber security agency, ANSSI, swiftly contained the impact, showcasing the robustness of the cyber security measures in place for the Games. This event highlights the persistent threat of ransomware at high-profile events and underscores the importance of securing all connected systems.

 

Matt Hull, Head of Threat Intelligence at NCC Group, noted,

"The increase in ransomware attack figures this month is demonstrative of the continuing volatility of the threat landscape. Previous months have seen a slight reduction in attacks, in-part due to the takedown of LockBit 3.0, but this month has shown that other actors are all too ready to take their place.

“That’s why it’s so important to draw attention to situations such as the Grand Palais attack. Having robust cyber security measures in place is paramount, particularly when it comes to major events or organisations. The havoc that a cyber attack could have caused at the Olympics is almost unthinkable – thankfully, this did not become a reality.”

Contact

NCC Group Press Office

All media enquires relating to NCC Group plc.

press@nccgroup.com

+44 7721577574