More reports claim 2024 was the worst year for ransomware attacks yet


  • BlackFog says ransomware rose significantly in 2024
  • Two groups particularly stood out - LockBit and RansomHub
  • Infections increased across industries, despite increased awareness

2024 was a record-breaking year for ransomware attacks, with more groups, more malware variants, and higher payouts than ever before, new research has said.

Cybersecurity researchers at BlackFog found that, compared to 2023, there were 65% more groups detected in 2024 - 48 in total. A significant number of these - 44 new variants - were responsible for almost a third (32%) of all undisclosed attacks in 2024.

In the last two months of the year, threat actors that first emerged in 2024 accounted for more than half of the attacks in each month.

LockBit and RansomHub

When it comes to disclosed attacks, the majority went to the healthcare, government, and education verticals. These three took up almost half (47%) of all reports for the year. Attacks on healthcare increased by 20% year-on-year, on government by 15%, and on education by 10%. However, percentage-wise, other industries reported significant rises as well, including retail (96%), services (88%), and finance (66%).

For undisclosed attacks, the top three industries were manufacturing (17.6%), services (12.2%) and technology (9.7%).

Two groups stood out as particularly dangerous - LockBit and RansomHub. The former is one of the most prominent threat actors in recent years, and in 2024, it targeted 603 victims. In May 2024 alone, the group launched almost 200 attacks, taking up a significant portion (36%) of all attacks reported that month.

RansomHub, on the other hand, did not lag far behind. Despite only being introduced in February 2024, it managed to affect 586 victims, including government entities and 78 organizations in the global manufacturing sector.

BlackFog also said the Medusa group was worth mentioning, even though it accounted for “just” 5% of all disclosed incidents for the year, as it was known for demanding enormous fees, often exceeding $40 million.

“The report shows 2024 was a landmark year with organizations facing growing financial and reputational damage from ransomware attacks, with high-value sectors particularly pressured to pay ransoms to restore operations,” said Dr. Darren Williams, Founder and CEO of BlackFog.

“As cybercriminals continuously refine their techniques to exploit vulnerabilities and launch large-scale attacks, defending against ransomware is becoming increasingly complex. Governments are stepping up efforts to counter this growing threat, introducing new measures such as mandatory ransomware incident reporting. However, the global ransomware crisis continues to escalate at an alarming rate. In this evolving threat landscape, proactive and preventative strategies to mitigate ransomware and data exfiltration have never been more crucial.” 

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
