Ransomware attacks rise by 46% in February 2024, finds NCC Group
The latest data from NCC Group's Threat Intelligence team shows a consistent escalation in ransomware attacks. According to the team, ransomware attack instances increased by 46% in February 2024 compared to those of January in the same year, marking 416 cases in total. This marks the third consecutive year that threats have risen year-on-year in February.
NCC Group's February Threat Pulse report reveals a rise in the number of ransomware attacks globally by 73% from February 2023 and 124% from the same period in 2022, presenting a significant upward trend in attack volume over these three years.
Industrials have become a preferred target, accounting for 32% of all attacks in February. Other sectors also targeted included Consumer Cyclicals and Consumer non-Cyclicals. Among the various threat actors, Lockbit 3.0, Hunters, and Qilin were clear culprits. LockBit 3.0 prevailed in the top spot for seven consecutive months with 110 cases, while Hunters and Qilin upgraded from their previous positions to second and third, respectively.
Alarmingly, the report outlines that North America and Europe were the target locations for an overwhelming 85% of all cases. 55% of all these attacks were experienced by North America, a 27% increase from the previous month. Europe saw a 64% month-on-month increase with 123 attacks.
Ransomware attacks continued to afflict the Industrial sector with 134 attacks, a considerable 40% increase from January. Consumer Cyclicals maintained the second spot on the target list with a 66% rise from January. It is also worthy of note that Consumer Non-Cyclicals experienced a resounding soar in attacks by 135%, advancing to third place as a result.
There is an emerging concern for lesser-known ransomware groups who may become increasingly active. The menace imposed by globally known offenders such as Lockbit and Cl0P causes new and small Ransomware-as-a-Service (RaaS) affiliate partnerships to form a growing threat landscape norm, according to Matt Hull, Global Head of Threat Intelligence at NCC Group.
Hull warns of the potential for law enforcement activity to polarise the ransomware landscape, resulting in clusters of smaller RaaS operators that are highly active and harder to detect due to their agility in underground forums and markets. Hull added, "Detection and attribution could become harder, and affiliates may easily switch providers due to low entry thresholds and minimal monetary involvement." He emphasised the need for continued vigilance, as all groups, from major players to emerging threats, likely utilise tried and tested tactics and techniques.
According to Hull, regardless of the prominence or obscurity of the threat groups, the approach to defending and mitigating ransomware threats should remain unchanged. The NCC Group is committed to ongoing research into the dynamics of these ransomware groups, promising to share new developments in the threat landscape promptly.