BlackFog, a leader in ransomware prevention and anti data exfiltration, recently unveiled its 2024 State of Ransomware Report, which revealed ransomware attacks reached record levels throughout 2024. New groups, new variants and the volume in which they appeared during the year highlight why ransomware is one of the most pressing cybersecurity challenges.
Some key findings include:
- LockBit, one of the most prominent ransomware gangs in recent years, remained the most active ransomware variant through 2024. May was the busiest month, accounting for 36 percent of all attacks that month.
- RansomHub, a newcomer to the scene in February 2024, was in second place, with high-profile attacks on government entities and numerous victims in the global manufacturing sector. Although these industries have been heavily targeted, this group poses a significant threat to all organizations across the spectrum, with victims ranging from SMEs to large global corporations.
- In third place, the leading players varied by category. For disclosed incidents, financially motivated group Medusa accounted for five percent, with ransom demands by the group exceeding $40 million. Play ransomware attacks made up seven percent of undisclosed incidents.
There was a huge increase in new variants compared with 2023, further evidence that organizations must remain vigilant and continue to adapt their cybersecurity measures. Across the year, 48 new groups emerged, a 65 percent increase from the number of new variants from the previous year. A significant number of these - 44 new variants - were responsible for nearly a third, 32 percent, of all undisclosed attacks in 2024. In November and December, gangs that debuted in 2024 accounted for more than 50 percent of the attacks in each month.
Extortion continued to be the primary tactic employed in 2024, as evidenced by the alarming surge in data exfiltration, which reached an unprecedented high of 94 percent. Data exfiltration has become a central component of ransomware, with attackers increasingly combining data encryption with data theft and threatening to publish or sell sensitive information if ransoms are not paid. The stolen data often includes personally identifiable information (PII), or intellectual property, which can be sold on the dark web.
“The report shows 2024 was a landmark year with organizations facing growing financial and reputational damage from ransomware attacks, with high-value sectors particularly pressured to pay ransoms to restore operations,” said Dr. Darren Williams, Founder and CEO of BlackFog. “As cybercriminals continuously refine their techniques to exploit vulnerabilities and launch large-scale attacks, defending against ransomware is becoming increasingly complex.
"Governments are stepping up efforts to counter this growing threat, introducing new measures such as mandatory ransomware incident reporting. However, the global ransomware crisis continues to escalate at an alarming rate. In this evolving threat landscape, proactive and preventative strategies to mitigate ransomware and data exfiltration have never been more crucial.”
The top three sectors for undisclosed attacks were: manufacturing (17.6 percent), services (12.2 percent) and technology (9.7 percent). For a detailed look into the findings, BlackFog’s 2024 State of Ransomware Report can be downloaded here.
