2024 marks most active January for ransomware attacks in three years

Feb. 20, 2024
Data from January 2024 shows that levels of ransomware attacks were up 73% from the same month in 2023 and 138% from 2022.

In January 2024, global levels of ransomware attacks fell by 27% from December, with a total of 285 cases compared to 391 in the previous month, according to NCC Group’s January Threat Pulse.

However, year-on-year ransomware attacks in January continue to rise. Data from January 2024 shows that levels of ransomware attacks were up 73% from the same month in 2023 and 138% from 2022, marking a steep upward trajectory of attack volume over the last three years.

8base and Akira climb the ladder towards most prominent threat actor

While Lockbit was responsible for 64 cases (22%), maintaining its position as most prominent threat actor, 8Base (10%) and Akira (9%) climbed from fourth and eighth to second and third, respectively. This is a notable increase from December.

Black Basta, BianLian and Medusa are in fifth, sixth and eighth positions with 19 cases (7%), 17 cases, (6%), and 13 cases (5%) respectively. However, none of these groups were part of the top ten in December, marking a significant reshuffle of key players.

Attack numbers continue to fall across every region

Unsurprisingly, North America and Europe remain the two most targeted regions in January, with 86% of global attacks between them. North America experienced 59% (169) of all attacks, down 15% from 199 in January. With 75 attacks in January, Europe had a 34% decrease in attacks.

Asia is the third most targeted region for ransomware in January. The scale of the attacks the region observes, however, pale in comparison to Europe and North America. With only 22 total attacks, down 41% from December’s 47 attacks, representing under 8% of the global total.

Industrials dominate sector attacks

January’s top 4 sectors attracting ransomware attacks replicate those from December 2023, with Industrials dominating the landscape, accounting for 34% (96) of the 285 attacks seen this month.

Consumer cyclicals came in significantly lower in second, with 16% (46), technology in third place with 10% (28), and healthcare retaining fourth position with 8% (24) of all attacks in January.

It is worth noting that this year the Industrials sector has started with a significantly higher volume of attacks (96), representing a 96% increase year on year.

January’s stats show that a whole range of sectors were vulnerable to attacks. Outside the top four, consumer non-cyclicals and basic materials rose significantly, to 5th and 6th place, respectively.

Spotlight – Hydradynamics

Despite the activity of malware family Hydra being notable last month, January showed activity indicators going down. The numbers show only one “hydra head” as active, albeit persistently so: Namely an ongoing campaign targeting financial institutions in DACH region.

Matt Hull, global head of Threat Intelligence at NCC Group said: “While the overall number of attacks has decreased compared to December 2023, it’s essential to consider the historical context, as January tends to be a 'quieter' month. However, this is by no means an indicator of a ‘quieter’ year. We’ve seen an incredibly active start to 2024 already by threat groups, the most significant in three years. The ransomware threat landscape remains dynamic and ransomware attacks continue to evolve, with new tactics emerging, and the potential impact of AI looming on the horizon.”