New Ransomware Strain Drives Rising Attack Levels

Global levels of ransomware attacks again increased both month on month and year on year, according to NCC Group's November Threat Pulse.

Adobe Stock 396450841 (1)
Monster Ztudio/stock.adobe.com

Global levels of ransomware attacks again increased both month on month and year on year, according to NCC Group's November Threat Pulse. A total of 565 attacks were recorded in November 2024, an increase from October 2024's figure of 486 and November 2023's figure of 438.

Matt Hull, head of Threat Intelligence at NCC Group, says, "The relentless activity of various cyber threat actors has almost become commonplace, but the focus on the industrial sector and particularly organizations that operate as part of critical national infrastructure (CNI) remains a real concern. Despite continued sector focus, there’s an interesting picture to paint when it comes to patterns of how threat groups operate. The collaboration between threat groups and blurring of lines between criminal and state-sponsored activity, often linked to geopolitical tensions, creates a dynamic threat landscape where motives behind attacks can be difficult to discern. This has been further highlighted in warnings issued by the UK’s NCSC in their recent Annual Review.

“As 2024 draws to a close, the immediate global threat of ransomware remains, so we’d urge companies to be more vigilant than ever when protecting against attacks. And, as we enter the holiday period, please stay secure and be mindful of the usual seasonal influx of scam and phishing emails which impact us all personally at this time of year.”

Key Takeaways:

  • Akira was the most active threat actor this month with 87 attacks. RansomHub was knocked off of the top spot to second position with 80 attacks, followed by ElDorado in third with 43 attacks, and Killsec in fourth with 33 attacks.
  • North America remained the most targeted region, accounting for 58% of total global attacks (326) a noteworthy increase from 272 in October, and Europe followed with 20% of attacks (114). The Russian-attributed threat group Sandworm was responsible for sustained espionage activity across both regions, with particular focus on the energy sector in Europe.
  • Asia experienced a decrease in attacks, dropping from 68 in October to 58 in November. In contrast, attacks in South America increased to 35, up from 20 in October, with Oceania also witnessing a slight increase, while Africa's attacks doubled.
  • The Industrials’ sector remained the most targeted with 181 attacks in November, accounting for 33% of all sectors targeted, demonstrating the continued threat to Critical National Infrastructure (CNI). The Consumer Discretionary sector followed with 119 attacks, and in third position was Information Technology with 72 attacks.
Latest