A recent report from cybersecurity consulting firm NCC Group reveals that 2024 experienced the highest number of ransomware attacks since 2021, with a total of 5,263 incidents. The year was marked by significant cyber activity, including high-impact attacks linked to sophisticated nation-state espionage campaigns.
“The cybersecurity landscape in 2024 presented unprecedented challenges. The scale and complexity of cyber incidents tested the resilience of businesses and institutions worldwide,” said Matt Hull, global head of threat intelligence at NCC Group. “As we look ahead, these challenges are expected to escalate, with cybercriminals and nation-state actors exploiting the increasing integration of technology into all aspects of life.”
The report cites the following cyber threats and trends:
LockBit Dominates Despite Setbacks
LockBit emerged as the leading threat actor of 2024, responsible for 10% (526) of all attacks. Although its activity decreased compared to 2023 due to a takedown earlier in the year, LockBit remained a formidable presence. RansomHub followed closely, with 501 attacks, becoming the most prominent threat actor in the latter half of the year.
Regional Surge in Attacks
North America bore the brunt of ransomware attacks, accounting for 55% of the total. Other regions, including Asia, South America and Oceania, also saw an increase in incidents. The rise in global geopolitical tensions and lucrative ransomware payouts likely contributed to this surge.
Industrials: A Prime Target
The industrial sector, vital to the global economy, faced 27% (1,424) of all ransomware attacks in 2024, a 15% increase from the previous year. These attacks caused widespread disruption, impacting critical infrastructure and services, and leading to significant downtime.
Law Enforcement’s Ongoing Battle
There are positive signs that international efforts to combat cyber threats are intensifying. Coordinated law enforcement actions, such as Operations Cronos, Magnus, Destabilise and Serengeti, have targeted cybercriminal networks. However, threat actors often re-emerge quickly after interventions. For instance, LockBit resumed operations just five days after its takedown and has warned of a full return by February 2025. This highlights the need for more robust measures to prevent the resurgence of these groups.
Given these challenges, Hull stated it is crucial for businesses, governments and individuals to remain alert and take proactive measures in order to collaboratively strive for a safer digital future.
“Key concerns such as third-party compromises, cloud vulnerabilities and insecure APIs remain critical. We must also consider the rapid advances in artificial intelligence (AI), which are giving rise to new cybercriminal tactics,” he said. “The geopolitical dimension of cybersecurity adds to the ever-evolving threat landscape, with nation-states posing significant risks to critical infrastructure.”
