iTechBahrain Information Technology Digital Marketing Web & Mobile Development Services
- 2024 witnessed an unprecedented increase in ransomware attacks, with a 65% rise in the number of involved groups.
- The attacks targeted the health, government, and education sectors, with a significant increase in attacks on the retail and services sectors.
- LockBit and RansomHub emerged as the most dangerous threat actors, targeting hundreds of victims with large-scale operations.
It appears that 2024 was the worst year ever in terms of ransomware attacks. According to recent reports, this year recorded record numbers in terms of the number of involved groups, the diversity of used malware, and the high amounts of paid ransoms.
In detail, cybersecurity research conducted by BlackFog revealed that the number of groups detected in 2024 increased by 65% compared to 2023, reaching 48 groups. Among these groups, 44 new variants emerged, responsible for nearly a third (32%) of undisclosed attacks during the year. In the last two months of the year, groups that emerged for the first time in 2024 accounted for more than half of the recorded attacks each month.
As for the announced attacks, they mainly targeted the healthcare, government, and education sectors, which accounted for nearly half (47%) of all recorded reports during the year. Attacks on the healthcare sector increased by 20% compared to a year ago, while attacks on government institutions increased by 15%, and on the education sector by 10%. However, other sectors witnessed significant increases in the number of attacks, such as the retail sector, which recorded a 96% increase, services by 88%, and the financial sector by 66%.
As for undisclosed attacks, the most targeted sectors were manufacturing at 17.6%, services at 12.2%, and technology at 9.7%.
Two groups in particular emerged as the most dangerous threat actors, namely LockBit and RansomHub. The first group is one of the most dangerous threat sources in recent years, targeting 603 victims during 2024, and launching nearly 200 attacks alone during May of that year, equivalent to 36% of all announced attacks in it.
As for RansomHub, which has barely been around for a year since February 2024, it has proven its danger remarkably, targeting 586 victims, including government agencies and 78 organizations in the global manufacturing sector. In addition to the Medusa group, which, although it represented only 5% of the total announced incidents, was known for demanding huge ransoms that often exceeded 40 million US dollars.
In this context, Dr. Darren Williams, founder and CEO of BlackFog, emphasized the exceptional nature of 2024 in the ransomware attack landscape, noting the financial losses and damages that affected institutions worldwide. He pointed out the need to intensify proactive and preventive measures, in light of the continuous development of cybercriminals’ tools and methods.