• Advertise
  • Subscribe
  • Forums
  • Buyer's Guide
  • Contact Us
  • Connect on LinkedIn
    1. Cybersecurity

    December 2024 breaks records with the highest ever monthly ransomware

    Jan. 22, 2025
    NCC Group found that a total of 574 attacks were recorded in December 2024, an increase from November 2024's figure of 565 and December 2023's figure of 387.
    Related To: NCC Group
    679118f70f44cd22a4d3fb74 Highangleshotlockarounddollarbillblacklaptop 18162

    Global levels of ransomware attacks were the highest they have been since NCC Group began recording ransomware data in 2021, according to the firm's December Threat Pulse. A total of 574 attacks were recorded in December 2024, an increase from November 2024's figure of 565 and December 2023's figure of 387.

    New threat actor 'Funksec' tops the leaderboard

    Funksec, a newly identified extortion group, was the most active threat actor this month with 103 attacks. The rapid rise of the group is due to it targeting multiple sectors globally, emphasizing the versatility and threat posed by the group.

    In second position was CL0P with 68 attacks, followed by Akira in third with 43 attacks. RansomHub was close behind with 41 attacks.

    North America and Europe hit hardest, with Asia close behind

    North America remained the most targeted region, accounting for 52% of total global attacks (300), a decrease from 326 in November, and Europe followed with 18% of attacks (100).

    Asia experienced a notable increase in attacks, rising from 58 in November to 92 in December, with 16% of attacks. Attacks in South America rose from 35 to 40 in December, with Africa rising to take fifth place with 18 attacks.

    Industrials remain the prime target

    The Industrials sector remained the most targeted, with 136 attacks in December, accounting for 24% of all sectors targeted, demonstrating the continued threat to Critical National Infrastructure (CNI).

    The Consumer Discretionary sector maintained second position with 107 attacks, and in third position was Information Technology with 78 attacks.

    Ransomware spotlight: BlackBasta attack on BT highlights risks to CNI

    On December 4, 2024, Black Basta allegedly ransomed BT, the multinational telecommunications group, claiming the exfiltration of 500GB of sensitive data. This attack highlights the group's growing threat to critical national infrastructure.

    Black Basta’s tactics have evolved from basic malware and business email compromise to sophisticated spear-phishing via Teams and Skype and the use of botnets like DarkGate and ZBot. While the BT attack had limited operational impact, the group’s use of double extortion and custom malware poses a significant and evolving threat.

    This incident underscores the need for robust cybersecurity measures and continuous employee training to defend against increasingly advanced and adaptable ransomware groups like Black Basta.

    Ian Usher, Associate Director, Threat Intelligence Operations and Service Innovation at NCC Group, said: “December is usually a much quieter time for ransomware attacks, but last month saw the highest number of ransomware attacks on record, turning that pattern on its head.

    “The rise of new and aggressive actors, like Funksec, who have been at the forefront of these attacks, is alarming and suggests a more turbulent threat landscape heading into 2025. If ransomware groups are becoming bolder and more advanced, we can expect more frequent and widespread attacks, putting every sector and region at risk.

    “The data should serve as a wake-up call. No organization is immune, and the best defense is to stay ahead of the curve. Companies need to double down on their cybersecurity measures and ensure that their teams are trained and prepared to evolve with the changing nature of ransomware threats.”

    cybercompliance
    7512643e9dcd41d6818fe0c5cd0a091e_1920x1080