2024 saw the highest-ever amount of ransomware attacks, according to a new report from NCC Group.
There were 5,263 observed ransomware incidents last year, with the LockBit gang accounting for ten percent (526) of these attacks. RansomHub was the second most active group, accounting for 501 attacks.
Notably, the industrial sector was the most commonly targeted, accounting for 27% of ransomware attacks in 2024 (a 15% increase from 2023). The researchers note, “Attacks in the sector have caused mass disruption, affecting critical infrastructure and services and causing material downtime.”
NCC Group predicts that this increase will continue through 2025, as threat actors incorporate AI tools to improve efficiency.
“In 2025, we expect to see a continued increase in attack numbers, in line with the incline observed since 2021,” the researchers write. “Attacks are highly likely to be directed at sectors like industrials, who have historically been vulnerable to ransomware attacks. Law enforcement operations will continue to target major operators.
However, the thriving RaaS ecosystem will allow affiliates to easily change their operator and continue conducting attacks under a different ransom group name. Growing use of AI and machine learning to assist with attacks, and defence strategies will significantly reshape the cyber security landscape.”
The researchers note that awareness training can provide a necessary layer of defense against ransomware attacks, since threat actors often gain initial access via social engineering.
“Ransomware persists in the threat landscape, and this is reflected not only by this case study but also in NCC Group’s Threat Intelligence Team’s coverage of ransomware,” the report says. “Both reflect the persistent threat and the importance of implementing sufficient mitigations for a robust defence. These stretch from phishing training and awareness, a common initial access vector to ransomware attacks, to network segmentation to prevent the spread of the ransomware across the estate.”
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
NCC Group has the story.