SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers

Ransomware attacks surged 20% in July, global report reveals

Fri, 23rd Aug 2024

A recent report from NCC Group has highlighted a significant increase in ransomware attacks during July, with a notable 20% rise compared to June.

The report found that the total number of ransomware incidents climbed to 395 in the month, up from 331 in the previous month. This increase primarily impacted the industrial sector, which experienced 125 attacks, emphasising the vulnerabilities in critical national infrastructure.

One potential factor contributing to this rise is the summer holiday season, when reduced staffing levels leave organisations more susceptible to attacks. Commenting on this trend, Ian Usher, the Deputy Head of Threat Intelligence at NCC Group, stated, "July 2024 has been a stark reminder that the cybersecurity landscape is as turbulent as ever, marked by a surge in ransomware attacks and the spread of misinformation. The Industrials, Consumer Cyclicals, and Technology sectors have borne the brunt of these attacks, with groups like RansomHub and LockBit 3.0 leading the charge."

The report identified RansomHub as the most active threat actor in July, being responsible for 43 attacks, which constitute 11% of the month’s total. This marks an increase from 27 incidents linked to the group in June. Following RansomHub, LockBit 3.0 recorded 37 attacks, while Akira, Hunters, Play, and Meow accounted for 29, 25, 20, and 16 attacks, respectively.

Regionally, North America remained the most targeted area, accounting for 56%—or 220—of the total global attacks. Europe followed with 21% (83 attacks), a slight decrease from June’s 90 attacks. Oceania saw a significant rise, with incidents doubling from 10 in June to 22 in July, now representing 6% of global attacks. Meanwhile, South America saw an increase from 14 to 18 attacks, and Africa experienced a jump from 4 to 10 incidents, underscoring the continued exploitation of regions with lower levels of cybersecurity preparedness.

The Industrials sector continues to be the primary target, accounting for 34% of attacks, totaling 125 incidents. The report highlights ongoing concerns about the vulnerability of sectors integral to national infrastructure, with increasing integration of Operational Technology (OT) with IT systems expanding the potential attack surface. Usher reinforced the critical need for robust defences by saying, "The rise in sophisticated techniques, such as the use of information stealer malware in their pre-attack phase, highlights that cybercriminals are not standing still. As these threats evolve, so must our defences."

The Consumer Cyclicals sector faced the second-highest number of attacks, with 48 incidents, primarily affecting hotels and entertainment services, likely due to the strategic timing of attacks during peak holiday seasons. The healthcare sector also remains vulnerable, reporting 44 attacks. A warning from the UK’s NHS chief executive in mid-July underscored the sector's susceptibility following ransomware incidents from the previous month. This situation serves as a reminder of the severe and long-lasting impact of ransomware on healthcare services and the critical need for fortified defences in this sector.

A notable portion of the July ransomware activity exploited a critical VMware ESXi vulnerability, allowing attackers to steal sensitive data and encrypt virtual machines by obtaining full administrative privileges. This underscores the importance of active patch management across industries to safeguard against such vulnerabilities.
