Ransomware attacks soar to record levels in 2024

Ransomware attacks have surged to unprecedented levels in 2024, according to a report released by BlackFog, a firm specialising in ransomware prevention and anti-data exfiltration measures. Their findings reveal that the year witnessed a staggering total of 789 disclosed ransomware attacks, alongside 5,159 undisclosed incidents, marking increases of 25 percent and 26 percent from the previous year, respectively.

The report, titled ‘2024 State of Ransomware Report,’ indicates that January set a record for attack numbers, with 76 incidents occurring, representing a remarkable 130 percent increase compared to January 2023. Throughout the year, a continual rise in attack activity was observed, with seven months exhibiting significant surges in disclosed cases. “The report shows 2024 was a landmark year with organizations facing growing financial and reputational damage from ransomware attacks, with high-value sectors particularly pressured to pay ransoms to restore operations,” stated Darren Williams, founder and CEO of BlackFog.

LockBit and RansomHub emerged as the most prominent ransomware variants, with LockBit maintaining its dominance by impacting 603 victims throughout the year. The month of May proved particularly intense, as nearly 200 attacks were recorded, accounting for 36 percent of that month’s total. Interestingly, LockBit thrived even amid speculation regarding its potential disbandment following the identification of its leader earlier in the year. The sectors most frequently targeted by LockBit included healthcare, education, and manufacturing.

RansomHub, which only debuted on the scene in February 2024, recorded 586 victims, drawing attention for its high-profile attacks on government entities including the Jędrzejów District in Poland and the Government of Mexico, as well as municipalities across the United States. RansomHub also infiltrated the global manufacturing sector, with notable incidents involving Kawasaki Motors and Polaris. This group has gained a reputation as a looming threat to a broad spectrum of organisations, ranging from small to large corporations.

Another notable player is Medusa, which accounted for 5 percent of disclosed attacks. Medusa's operations were highlighted by ransom demands exceeding $40 million, with more than a quarter of its disclosed incidents demanding ransoms above $1 million. The group made headlines for targeting various organisations including Summit Pathology, affecting over 1.8 million individuals, and Henry County, which faced considerable operational disruptions.

The Play ransomware group, while largely operating in the shadows, contributed to a significant share of undisclosed incidents, totalling 342 attacks throughout the year, representing 7 percent of all undisclosed cases. Their targets spanned diverse sectors, from manufacturing to food and drink, with the group reportedly compromising Krispy Kreme's network.

The report presented further evidence of the evolving ransomware landscape, noting a record 48 new groups emerging during the year—a 65 percent increase from 2023. Many of these new variants were linked to undisclosed attacks, with notable newcomers such as Funksec, Kill, and Handala gaining attention for their activities. Funksec concluded 2024 with 60 recorded attacks, while Kill escalated its operations to reach 134 incidents.

Geographically, the United States faced the highest number of attacks at 3,116, with the manufacturing sector suffering the most significant impact, accounting for 28 percent of these incidents. Notably, BlackFog also reported attacks in smaller, less often targeted nations including Congo, Fiji, Ghana, and Costa Rica, where the lack of resources for robust cybersecurity solutions often results in greater repercussions from such incidents.

As the frequency of ransomware attacks rises, the report ultimately underscores the pressing need for proactive measures and strategies to counteract these threats. BlackFog’s findings suggest that the blend of traditional encryption tactics with data exfiltration and extortion now characterises the landscape of ransomware, which has evolved significantly in recent years.

As cybercriminals adapt their methods—leveraging advancements in AI to enhance the effectiveness of their attacks—prospects for 2025 present considerable challenges. Williams anticipates that continued evolution of ransomware tactics, including AI-driven phishing and deepfake technology, will further complicate the cybersecurity response landscape.

The report concludes with an emphasis on the importance of awareness training to mitigate vulnerabilities within organisational structures, recommending unified security platforms to streamline operations and reduce alert fatigue from managing multiple disconnected security tools. As cyber threats continue to escalate in sophistication and volume, organisations are advised to assume they are potential targets and to prepare accordingly with effective cybersecurity policies and tools.

Source: Noah Wire Services