Record ransomware attacks in March 2024, report finds
Ransomware attacks reached record levels in March 2024, with 421 cases, marking an increase from 416 in February, according to new data and analysis from NCC Group's Threat Intelligence team. This trend suggests an anticipated further increase in such activity throughout April and the rest of the year, despite an 8% year-on-year decrease compared to March 2023.
Significant changes have been observed among threat actors. RAGroup, with a 300% increase in activity since their last known attack in December 2023, has entered into the top three for the first time. Previously active groups LockBit 3.0 and Play continue to lead, while other groups, like Black Basta, Medusa, and Cactus followed in subsequent positions.
North America and Europe were dominating targets, bearing 82% of all the cases. Considering LockBit 3.0, there was a noticeable decline in its activity from February to March, possibly as a result of actions by law enforcement agencies. Conversely, Play expanded its activity, with the number of attacks rising from 26 in February to 40 in March.
Scrutinising the figures reveals a relatively maintained trend among regional ransomware attacks. Most attacks were concentrated in North America, which suffered over 50% of the cases. Other regions such as Asia, South America, Oceania, Africa, and undisclosed locations shared the remaining 18% of cases, showing a minor difference from the previous month.
Industrials, Consumer Cyclicals, and Healthcare surfaced as the top targeted sectors. Notably, Healthcare climbed from fourth to third place in March, recording 45 attacks. The Technology sector witnessed a substantial leap, moving from the sixth spot in February to fourth in March, thanks to a 41% increase in targeted attacks. Meanwhile, basic materials slid from fifth to eighth following a 44% decrease in attacks since February.
Matt Hull, Global Head of Threat Intelligence at NCC Group, commented on the situation: "It's evident that ransomware attacks aren't slowing down any time soon. We are seeing what were once less prominent ransomware gangs, like RAGroup, now increasingly getting closer to major players, such as Lockbit. This has not only led to a massive shake-up within the ransomware landscape but also an increasing number of attacks that the public needs to be vigilant about."
Matt Hull meantime warns that despite increased law enforcement actions against these threat actors, the public needs to remain cautious of potential resurgences like LockBit. He concludes, "As ever, we'll continue to monitor these groups and the wider threat landscape, to make sure we're sharing all the latest information as soon as we can."