January sees three-year high in ransomware attacks across the globe
Ransomware attacks in January of this year hit a three-year high, with 285 cases, according to data analysis by the NCC Groups Threat Intelligence team. Despite showing a 27% decrease from December 2023's 391 cases, the figures from January mark a year-on-year increase for the third year in succession. Indeed, January 2024's attack levels were up by 73% from 2023 and 138% from 2022, illuminating a stark upward trajectory of attack volume over the past three years.
Lockbit retained its position as the most significant ransomware perpetrator, carrying out 64, or 22%, of all recorded attacks. However, 8Base, credited with 10% of attacks, and Akira, responsible for 9%, climbed the rankings to second and third place, respectively, reflecting a notable rise from their standings in December 2023. In addition, threat actors such as Black Basta, BianLian and Medusa entered the top ten. They were responsible for 19 (7%), 17 (6%), and 13 (5%) attacks, respectively, marking a significant reshuffle in the threat actor landscape.
North America and Europe continued to be the most targeted regions, experiencing 86% of all ransomware attacks, despite an overall decrease in incidents. North America accounted for 59% (169) of attacks, down 15% from January 2023, while Europe, with 75 attacks, experienced a 34% decrease. Despite being the third most targeted region, Asia reported a total of just 22 attacks in January, representing less than 8% of the global tally and marking a 41% decrease from the previous December's numbers.
The Industrial sector remained the most prevalent target for ransomware attacks, reproducing the trend seen in December 2023. It comprised 34% (96) of the total attacks this month. Consumer Cyclicals and Technology sector trailed behind, accounting for 16% (46) and 10% (28) of all attacks, respectively, with Healthcare maintaining the fourth position with 8% (24) of all January attacks. The rate at which the Industrial sector experienced attacks saw a substantial year-on-year increase of 96% compared to 2023.
The Hydradynamics malware family, which was particularly active last month, recorded fewer activity indicators in January. Only one 'hydra head' was active throughout the month, consistently targeting financial institutions in the DACH region.
Commenting on the data, Matt Hull, Global Head of Threat Intelligence at NCC Group, noted that while overall numbers have reduced compared to December 2023, January 2024 has witnessed the most active start in three years. Hull cautioned, "While the overall number of attacks has decreased compared to December 2023, it's essential to consider the historical context, as January tends to be a 'quieter' month. However, this is by no means an indicator of a 'quieter' year."
"We've seen an incredibly active start to 2024 already by threat groups, the most significant in three years. The ransomware threat landscape remains dynamic and ransomware attacks continue to evolve, with new tactics emerging, and the potential impact of AI looming on the horizon."