Ransomware Attacks Reach Record-Breaking Levels In 2024 – BlackFog

AI based cybersecurity specialist BlackFog has offered a sobering insight into the online threat landscape confronting organisations and businesses.

In its 2024 State of Ransomware Report, which is a detailed analysis of ransomware activity from publicly disclosed and non-disclosed attacks globally, BlackFog revealed that data exfiltration reached an all-time high in 2024, accounting for 94 percent of all attacks.

It comes after the UK’s cyber guardian agency, GCHQ’s National Cyber Security Centre (NCSC) recently warned that the cyber risk facing UK is “widely underestimated”, and there is a clearly widening gap between the exposure and threat, and the defences that are in place to protect organisations and businesses.

Ransomware attacks

The BlackFog report was generated in part from data collected by BlackFog Enterprise over the specific report period January – December 2024.

BlackFog found that ransomware attacks had reached record levels throughout 2024, and despite some notable legal takedowns, ransomware incidents are expected to increase.

Digging into the research, the report found that LockBit and RansomHub dominated the ransomware variants.

LockBit has been one of the most prominent ransomware gangs in recent years, remained the most active ransomware variant through 2024 affecting 603 victims. May 2024 was the busiest month, with nearly 200 attacks launched, accounting for 36 percent of all attacks that month.

BlackFog noted that this surge followed news of the gang’s disbandment after its leader was unmasked earlier in the year.

Meanwhile RansomHub, a newcomer to the scene in February 2024, was in second place, BlackFog found. This ransomware strain affected 586 victims, including high-profile attacks on government entities and 78 victims in the global manufacturing sector.

BlackFog warned that although these industries have been heavily targeted, the RansomHub group poses a significant threat to all organisations across the spectrum, with victims ranging from SMEs to large global corporations.

And BlackFog found that in third place, the leading players varied by category. For disclosed incidents, financially motivated group Medusa accounted for 5 percent, with ransom demands by the group exceeding $40 million.

Play ransomware attacks made up 7 percent of undisclosed incidents with a total of 342.

BlackFog also warned that there was a huge increase in new variants compared with 2023, providing further evidence that organisations must remain vigilant and continue to adapt their cybersecurity measures. Across 2024, 48 new groups emerged, a huge 65 percent increase from the number of new variants from the previous year.

A significant number of these – 44 new variants – were responsible for nearly a third (32 percent), of all undisclosed attacks in 2024. In November and December, gangs that debuted in 2024 accounted for more than 50 percent of the attacks in each month.

Targetted sectors

So which sectors are criminal gangs and hackers targetting the most?

Well BlackFog identified that healthcare, government, and education are the most targeted sectors.

Indeed, in terms of disclosed attacks, healthcare, government, and education accounted for 47 percent of all 2024’s ransomware news headlines.

Healthcare saw a 20 percent increase over the previous year, government experienced a 15 percent increase, while attacks on the education sector experienced a decrease of 10 percent.

Data exfiltration

The BlackFog report also found that the rate of data exfiltration has reached an all time high.

It found that extortion continued to be the primary tactic employed in 2024, as evidenced by the alarming surge in data exfiltration which reached an unprecedented high of 94 percent.

Data exfiltration has become a central component of ransomware, with attackers increasingly combining data encryption with data theft and threatening to publish or sell sensitive information if ransoms are not paid, said the security specialist.

The stolen data often includes personally identifiable information (PII), or intellectual property, which can be sold on the dark web.

“The report shows 2024 was a landmark year with organizations facing growing financial and reputational damage from ransomware attacks, with high-value sectors particularly pressured to pay ransoms to restore operations,” said Dr. Darren Williams, Founder and CEO of BlackFog.

“As cybercriminals continuously refine their techniques to exploit vulnerabilities and launch large-scale attacks, defending against ransomware is becoming increasingly complex,” said Dr. Williams.

“Governments are stepping up efforts to counter this growing threat, introducing new measures such as mandatory ransomware incident reporting,” said Dr. Williams. “However, the global ransomware crisis continues to escalate at an alarming rate. In this evolving threat landscape, proactive and preventative strategies to mitigate ransomware and data exfiltration have never been more crucial.”

BlackFog also found that 2024 also saw significant sector rises in disclosed attacks for:

• Retail – a rise of 96 percent YoY
• Services – a rise of 88 percent YoY
• Finance – a rise of 66 percent YoY
• Critical Infrastructure remained a key target with 103 gas, electrical, or other energy companies attacked, said BlackFog.

The top three sectors for undisclosed attacks were: manufacturing (17.6 percent), services (12.2 percent) and technology (9.7 percent).