Ransomware attacks up 73% in January 2024 year-on-year | #ransomware | #cybercrime

In January 2024, global levels of ransomware attacks fell by over a quarter (27%), from December, with a total of 285 cases compared to 391 in the previous month, according to NCC Group‘s December Threat Pulse.

However, year-on-year ransomware attacks in January continue to rise. Data from January 2024 shows that levels of ransomware attacks were up to 73% from 2023, and 138% from 2022, marking a steep upward trajectory of attack volume over the last three years.

“While the overall number of attacks has decreased compared to December 2023, it’s essential to consider the historical context, as January tends to be a ‘quieter’ month,” Matt Hull, global head of threat intelligence at NCC Group said.

“However, this is by no means an indicator of a ‘quieter’ year.”

The Most Prominent Threat Actors

While Lockbit was responsible for 64 cases (22%), maintaining its position as the most prominent threat actor, 8Base (10%) and Akira (9%) climbed from fourth to eighth to second and third respectively. This is a notable increase from December.

Black Basta, BainLian and Medusa are in fifth, sixth, and eighth positions with 19 case (7%), 17 cases (6%), and 13 cases (5%) respectively. However, none of these groups were part of the top ten in December, marking a significant reshuffle of key players.

Attack Numbers Fall 

Unsurprisingly, North America and Europe remain the two most targeted regions in January, with 86% of global attacks between them. North America experience 59% (169) of all attack down (15%) from 199 in January. With 75 attacks in January, Europe had a 34% decrease in attacks.

Asia is the third most targeted region for ransomware in January. The scale of the attacks the region observes, however, pale in comparison to Europe and North America.

With only 22 total attacks, down 41% from December’s 47 attacks, this represents under 8% of the global total.

Recommended reading

Industrials Dominate Sector Attacks

January’s top four sectors attracting ransomware attacks replicate those from December 2023, with Industrials dominating the landscape accounting for 34% (96) of the 285 attacks seen this month.

Consumer cyclicals came in significantly lower in the second spot, with 16% (46), technology in third place with 10% (28), and healthcare retaining fourth position with 8% (24) of all attacks in January.

Notably, this year the industrials sector has started with a significantly higher volume of attacks (96), representing a 96% uplift year on year.

January’s stats show that a whole range of sectors were vulnerable to attacks. Outside the top 4, Consumer Non-Cyclicals and Basic Materials rose significantly, to fifth and sixth place respectively.

Spotlight: Hydradynamics

Despite the activity of malware family Hydra being notable last month, January showed activity indicators going down. The numbers show only one “hydra head” as active, albeit persistently so: namely an ongoing campaign targeting financial institutions in DACH region.

“We’ve seen an incredibly active start to 2024 already by threat groups, the most significant in three years,” Hull said. “The ransomware threat landscape remains dynamic and ransomware attacks continue to evolve, with new tactics emerging, and the potential impact of AI looming on the horizon.”

Source link


National Cyber Security