Global ransomware attacks continue to climb month on month

Sept. 27, 2024
Total ransomware cases in August were 14% higher month on month, at 450 attacks

August 2024 — In August, global levels of ransomware attacks increased both month on month and year on year. According to NCC Group’s August Threat Pulse, there were 450 attacks, a jump from the previous month’s figures of 395 and the previous year’s figures of 389.

RansomHub in the top position as the most prevalent threat actor

RansomHub maintains the top position as the most active threat actor this month, with 72 attacks. This is up from 43 in July, a huge 67% increase from last month. RansomHub attacks accounted for 16% of all activity for the month and reflect a continued hold on the threat landscape by the group. Meow secured the second position with 41 attacks, followed by LockBit 3.0 in third with 29 attacks and Play fourth with 27 attacks. The record for the largest known ransom to date was broken in August, as a Fortune 50 company paid a record-breaking $75 million ransom to the Dark Angel's ransomware organization, beating the previous $40 million. 

North America and Europe face 80% of attacks

North America remained the most targeted region, representing 52% of global attacks (232). Europe followed with 28% of attacks (125), a large increase from 83 in July. Asia and South America experienced a modest rise, with attacks retrospectively increasing from 41 and 18 in July to 42 and 21 in August. Africa also saw an increase, from 10 to 14 incidents. 

Consumer Discretionary rivals Industrials for the most targeted sector

The industrial sector remains the most targeted sector. Accounting for 24% (109) of attacks in August, these figures reflect the continued interest by threat actors in targeting critical national infrastructure (CNI). Following closely behind is Consumer Discretionary, which has 104 attacks and is in joint third position, Information Technology and Healthcare, which has 46 attacks. 

Spotlight: Ransomware hits the Grand Palais during the Paris Olympics

During the Paris Olympics, a ransomware attack targeted the Grand Palais and around 40 other museums in France. Despite the disruption to these cultural sites, the Olympic Games remained unaffected. This incident was part of a broader wave of cyber attacks on critical infrastructures, including government entities and transport networks. The French cyber security agency, ANSSI, swiftly contained the impact, showcasing the robustness of the security measures in place for the Games. This event highlights the persistent ransomware threat at high-profile events and underscores the importance of securing all connected systems. 

"The increase in ransomware attack figures this month demonstrates the continuing volatility of the threat landscape. Previous months have seen a slight reduction in attacks, in part due to the takedown of LockBit 3.0, but this month has shown that other actors are all too ready to take their place.“That’s why drawing attention to situations such as the Grand Palais attack is so important. Having robust cyber security measures in place is paramount, particularly regarding major events or organizations. The havoc that a cyber attack could have caused at the Olympics is almost unthinkable. Thankfully, this did not become a reality," noted Matt Hull, Head of Threat Intelligence at NCC Group.