Ransomware Gangs Outsmarting Legacy Cyber Defenses

February 5, 2025 | Cybersecurity

By Ashwani Mishra, Editor-Technology, 63SATS

The year 2024 witnessed an unprecedented rise in ransomware attacks, with 5,263 reported incidents, marking a 15% increase from 2023, according to a report by NCC Group.

Traditionally, December sees a decline in cyberattacks due to the holiday season, but this trend was upended as November and December recorded the highest number of monthly attacks—565 and 574, respectively.

North America Remains the Prime Target, but Global Threats Intensify

Ransomware is no longer confined to select geographies—it has become a truly global crisis. North America bore the brunt of these attacks, recording 2,869 incidents—a 25% rise from the previous year. However, other regions also saw alarming increases:

  • Asia recorded 571 attacks (23% increase), as digitization accelerated across industries.
  • South America witnessed a 29% rise, with 276 reported ransomware incidents.
  • Europe, Oceania, and Africa also experienced significant, albeit more modest, increases.

This geographic expansion of ransomware attacks underscores how no region is immune, as cybercriminals capitalize on vulnerable digital ecosystems worldwide.

Ransomware Groups on the Rise: LockBit Declines, RansomHub Takes Over

While LockBit continued to be the most prominent ransomware group, its dominance waned significantly, with attacks dropping from 1,034 in 2023 to 526 in 2024. The law enforcement takedown of LockBit 3.0 through Operation Cronos played a key role in this decline.

However, this created a power vacuum in the ransomware ecosystem, leading to the rise of new actors:

  • RansomHub surged to prominence, attracting former LockBit affiliates and becoming the most active ransomware group of 2024.
  • Akira nearly doubled its attack volume, from 164 incidents in 2023 to 303 in 2024.
  • Funksec emerged in December 2024, signaling another threat actor to watch in 2025.

This rapid turnover among ransomware operators reflects the resilience of cybercriminal networks. Even when one group is dismantled, another rises to take its place.

Why Ransomware is Becoming More Dangerous

Several key factors contributed to 2024’s ransomware surge:

  • Exploited Vulnerabilities & Credential Theft – Attackers increasingly targeted weak security protocols, exploiting legacy systems and unpatched software.
  • Geopolitical Conflicts & Cyber Warfare – State-sponsored ransomware attacks increased, with groups using cybercrime as a tool for economic and political disruption.
  • Cryptocurrency Surge – The rising value of cryptocurrencies made ransomware more profitable, incentivizing more attacks.
  • Ransomware-as-a-Service (RaaS) – The growth of underground RaaS platforms allowed even low-skilled hackers to launch sophisticated ransomware campaigns.

The increase in RaaS actors was particularly concerning, with the number of active ransomware groups jumping from 62 in 2023 to 94 in 2024. This trend suggests that 2025 will bring even more decentralized, hard-to-trace ransomware attacks.

Industrials: The Most Targeted Sector

One of the most concerning developments in 2024 was the targeting of industrial organizations, with 1,424 ransomware attacks—a 15% increase from 2023.

Industrial organizations, including manufacturing, energy, and supply chain providers, are attractive targets for ransomware actors due to:

  • Aging infrastructure & legacy systems that lack modern security features.
  • Operational Technology (OT) & IT convergence, which has expanded the attack surface for cybercriminals.
  • Interconnected supply chains, where one ransomware attack can disrupt entire industries.

Several high-impact ransomware families specifically targeted industrial environments:

  • Fog ransomware focused on encrypting machine files and deleting backups, crippling industrial operations.
  • Helldown leveraged LockBit’s leaked ransomware builder to conduct dual extortion attacks.
  • BlackSuit (formerly Royal) refined its techniques to cause maximum disruption to industrial processes.

These attacks led to operational downtime, financial losses, and severe disruptions in supply chains, making industrial cybersecurity a critical priority for 2025.

The Growing Role of Ransomware in Geopolitics

Ransomware is increasingly being used as a geopolitical weapon, blurring the lines between state-sponsored cyberwarfare and traditional cybercrime.

  • North Korea made over $1.34 billion from cybercrime in 2024—a 103% increase from 2023—with many of these funds being funnelled into weapons programs.
  • The Russia-Ukraine conflict fuelled ransomware attacks targeting critical national infrastructure (CNI).
  • Rising tensions in the South China Sea saw Chinese threat actors ramping up ransomware operations against regional adversaries.

The fusion of cybercrime and nation-state attacks is an alarming trend that complicates global cybersecurity efforts.

What to Expect in 2025: The Road Ahead

Looking ahead, ransomware will continue to evolve, and organizations must step up their defenses to mitigate risks.

Key Predictions for 2025:
  • AI-Driven Ransomware: Attackers will leverage AI to automate attacks and evade detection.
  • Expansion of RaaS Ecosystem: More groups will adopt Ransomware-as-a-Service, leading to a flood of new cybercriminal actors.
  • Targeted Attacks on Critical Sectors: Industries like healthcare, finance, and supply chains will continue to face rising threats.
  • Stronger Law Enforcement Crackdowns: Governments worldwide will intensify efforts to dismantle cybercrime networks—but ransomware groups will adapt quickly.

The Bottom Line: Strengthening Cyber Defenses is No Longer Optional

2024 was a defining year in the ransomware landscape, showing that cybercriminals are constantly evolving and finding new ways to exploit digital weaknesses.