2024 breaks records with highest-ever amount of ransomware attacks as cybercriminals target critical infrastructure
- 2024 observed the highest volume of annual ransomware cases (5263) since NCC Group started monitoring ransomware activity in 2021.
- While LockBit carried out the most attacks (10%), RansomHub was most active consistently throughout the year.
- Industrials was the most targeted sector in 2024, accounting for 27% of attacks.
- 79% of all attacks globally took place in North America and Europe.
January - December 2024 – With a staggering 5263 attacks, 2024 saw the highest volume of ransomware attacks since 2021.
In a turbulent year for the cyber landscape, with high-impact attacks on sophisticated nation-state espionage campaigns, attack volume continued to rise.
LockBit remains top threat actor despite takedown
The infamous threat group LockBit was the top actor of 2024, accounting for 10% (526) of all attacks. However, its overall activity declined compared to 2023, with LockBit’s takedown earlier in 2024.
RansomHub followed closely behind. Accountable for 501 attacks, it became the most dominant threat actor during the second half of the year.
Uptick in most regions
North America experienced over half of all attacks in 2024 (55%). Overall, most regions witnessed a rise in attacks, including Asia, South America, and Oceania. Rising global geopolitical tensions and high payouts for ransomware attacks are likely to have contributed to the increases across regions.
Industrials remains a top target
With a crucial role in the global economy, Industrials experienced 27% (1424) of all ransomware attacks in 2024, increasing 15% from 2023. Attacks in the sector have caused mass disruption, affecting critical infrastructure and services and causing material downtime.
Law enforcement whack-a-mole
There are some encouraging signs that the international community has stepped up efforts to recognise and address the threats posed by cyber adversaries. Notable examples include coordinated law enforcement actions against cybercriminal networks such as Operations Cronos, Magnus, Destabilise, and Serengeti.
Despite short-term law enforcement crack downs, threat actors continued to resurface quickly after intervention; LockBit was operating again only five days after its takedown. Now, after warnings from the group that it will be back in full force by February 2025, it’s evident that governments and law enforcement need to do more to prevent the reemergence of these groups.
Matt Hull, Global Head of Threat Intelligence at NCC Group said:
“The cyber security landscape in 2024 presented unprecedented challenges. The scale and complexity of cyber incidents tested the resilience of businesses and institutions globally. Looking ahead, these challenges are set to escalate as cybercriminals and nation-state actors increasingly exploit the growing integration of technology into all aspects of life.
“Key concerns such as third-party compromises, cloud vulnerabilities, and insecure APIs remain critical. We also can’t ignore the rapid advances in artificial intelligence (AI) that are giving rise to new cybercriminal tactics. And the geopolitical dimension of cyber security adds to the ever-changing threat landscape, with nation-states posing significant risks to critical infrastructure.
“In the face of these challenges, businesses, governments, and individuals must stay vigilant and proactive. By understanding the risks and acting today, we can collectively work towards a more secure digital future.”
Contact
NCC Group Press Office
All media enquires relating to NCC Group plc.