Ransomware attacks hit record high in December 2024

NCC Group's latest threat report for December 2024 records a surge in ransomware attacks, making it the highest on record with a total of 574 incidents.

The report indicates that December 2024 saw the highest number of ransomware cases since NCC Group began monitoring such activity in 2021. This comes on the heels of the UK Government's proposal to ban ransomware payments within the public sector. The report notes a shift in the threat landscape, highlighting the emergence of a new extortion group known as 'Funksec', which led with 103 attacks in December.

Funksec has been identified as the most active threat actor for the month, marking its presence with a considerable number of attacks across multiple sectors globally. Following Funksec, CL0P accounted for 68 attacks, while Akira and RansomHub followed with 43 and 41 attacks, respectively.

Geographically, North America was most targeted, representing 52% of global attacks with 300 incidents, although this was a decrease from November's 326. Europe followed with 18% at 100 attacks. Asia experienced a significant increase, rising from 58 in November to 92 in December, constituting 16% of the total attacks.

The Industrials sector was the primary target, accounting for 24% of the attacks at 136 incidents. This continued focus underscores the ongoing risk to Critical National Infrastructure (CNI). Additional attention was given to the Consumer Discretionary sector with 107 attacks, while Information Technology faced 78 attacks.

A notable incident reported was the BlackBasta ransomware attack on BT, where the group allegedly exfiltrated 500GB of sensitive data. The attack, dated 4 December 2024, draws attention to the evolving tactics of ransomware groups threatening CNI. Despite having a limited operational impact, the attack showcases BlackBasta's growing capabilities, advancing from basic malware to using sophisticated techniques like spear-phishing and botnets.

The incident with BT highlights the pressing need for robust cybersecurity measures and continuous employee training to thwart sophisticated and adaptable ransomware groups. Ian Usher, Associate Director - Threat Intelligence Operations and Service Innovation at NCC Group, remarked, "December is usually a much quieter time for ransomware attacks, but last month saw the highest number of ransomware attacks on record, turning that pattern on its head."

Usher further commented on the alarming rise of aggressive actors such as Funksec, suggesting a more turbulent threat landscape ahead. "The rise of new and aggressive actors, like Funksec, who have been at the forefront of these attacks is alarming and suggests a more turbulent threat landscape heading into 2025. If ransomware groups are becoming bolder and more advanced, we can expect more frequent and widespread attacks, putting every sector and region at risk," he said.

Usher concluded with a warning that the data should serve as a wake-up call for organisations worldwide, stressing the importance of staying ahead of emerging threats. "The data should serve as a wake-up call. No organisation is immune, and the best defence is to stay ahead of the curve. Companies need to double down on their cybersecurity measures and, ensure that their teams are trained and prepared to evolve with the changing nature of ransomware threats," Usher emphasised.