Ransomware crisis warning: "Huge" rise in attacks, new gangs and novel variants
"2024 was a landmark year with organizations facing growing financial and reputational damage from ransomware attacks."
The threat from ransomware has reached terrifying new heights due to a record level of attacks, a shocking rise in the number of ransomware gangs and the emergence of powerful new variants.
BlackFog, a ransomware prevention and anti-data exfiltration (ADX) vendor, has released the 2024 State of Ransomware Report, an analysis of global ransomware activity which should be concerning reading for any defender.
By analysing data from publicly disclosed and non-disclosed attacks, the research reveals that ransomware attacks soared to their highest levels in history levels in 2024.
LockBit, one of the most feared and notorious ransomware gangs of recent years, remained the most active ransomware variant through 2024, targeting 603 victims.
May was the gang's busiest month. It launched more than 200 attacks during this period, accounting for 36% of all attacks. This surge dashed hopes that the gang had disbanded in defeat after its leader was unmasked and sanctioned.
RansomHub entered the fray in February 2024 and came in second place in the ransomware league, hitting 586 victims including high-profile government entities and 78 victims in the global manufacturing sector. Although these industries have been heavily targeted, this group poses a significant threat to all organisations, with targets ranging from SMEs to large global corporations.
Third place was split between players in a variety of categories. For disclosed incidents, the financially motivated group Medusa accounted for 5%, with ransom demands by the group exceeding $40M. Play ransomware attacks made up 7% of undisclosed incidents with a total of 342.
There was also a "huge" increase in new variants compared with 2023, which Black Fog described as "further evidence that organisations must remain vigilant and continue to adapt their cybersecurity measures."
Throughout the year, 48 new groups emerged - a 65% increase on the number of new variants that hit the scene in 2023.
A significant number of these - 44 new variants - were responsible for nearly a third (32%) of all undisclosed attacks in 2024. In November and December, gangs that debuted in 2024 accounted for more than 50% of the attacks in each month.
“The report shows 2024 was a landmark year with organizations facing growing financial and reputational damage from ransomware attacks, with high-value sectors particularly pressured to pay ransoms to restore operations,” said Dr. Darren Williams, Founder and CEO of BlackFog.
“As cybercriminals continuously refine their techniques to exploit vulnerabilities and launch large-scale attacks, defending against ransomware is becoming increasingly complex. Governments are stepping up efforts to counter this growing threat, introducing new measures such as mandatory ransomware incident reporting.
"However, the global ransomware crisis continues to escalate at an alarming rate. In this evolving threat landscape, proactive and preventative strategies to mitigate ransomware and data exfiltration have never been more crucial.”
Disclosed attacks reach new heights
Healthcare, government, and education accounted for 47% of all 2024’s disclosed ransomware attacks, Black Fog reported. Healthcare suffered a 20% increase on the previous year, government a 15% increase and attacks on the education sector decreased by 10%.
Extortion continued to be the primary tactic employed in 2024 as data exfiltration reached an "unprecedented high" of 94%. Data exfiltration is a "central component" of ransomware, with attackers increasingly likely to combine data encryption with data theft as well as threats to publish or sell sensitive information if ransoms are not paid. Stolen data often includes personally identifiable information (PII), or intellectual property, which can be sold on the dark web.
During 2024, there were also significant rises in disclosed attacks for these industries:
· Retail – a rise of 96% YoY
· Services – a rise of 88% YoY
· Finance – a rise of 66% YoY
· Critical Infrastructure remained a key target with 103 gas, electrical, or other energy companies attacked.
The top three sectors for undisclosed attacks were manufacturing (17.6%), services (12.2%) and technology (9.7%).
Read BlackFog’s 2024 State of Ransomware Report here.
Have you got a story or insights to share? Get in touch and let us know.
