Holiday period sees significant increase in ransomware activity across July

In July 2024, global levels of ransomware attacks increased month-on-month (331 to 395) but decreased year on year (502 to 395), according to NCC Group’s July Threat Pulse.

  • Thursday, 22nd August 2024 Posted 3 months ago in by Phil Alsop

This month-on-month increase could be attributed to the holiday period kicking in across many parts of the world, during which time threat actors may seek to exploit the decrease in employee presence at work, including in IT security and support departments.

RansomHub dominates the threat landscape

RansomHub emerged as the most active threat actor this month with 43 attacks, up from 27 in June. This accounted for 11% of all activity for the month and reflects a continued hold on the threat landscape by the group.

LockBit 3.0 secured second position with 37 attacks which is incomparable to the high numbers observed prior to their takedown.

Akira came in third with 29 attacks followed by Hunters with 25, Play with 20, and Meow with 16.

Oceania faces noticeable surge in global attacks

North America remained the most targeted region, representing 56% of total global attacks (220). Europe followed with 21% of attacks (83), a slight decrease from 90 in June.

Oceania faced a notable surge, with attacks doubling from 10 in June to 22 in July, now 6% of the global total.

South America reported a 29% increase or from 14 to 18 ransomware incidents, while Africa saw an increase from 4 to 10 incidents. There is expected to be a continued rise in attacks within these continents, as threat actors continue to exploit the lower levels of cyber security infrastructure and readiness within these regions.

Attack levels continue to soar for Industrials

The Industrials sector remains the primary target for cyberattacks, representing 34% (125) of all incidents in July. This ongoing focus on the sector highlights the persistent interest of threat actors in compromising critical national infrastructure (CNI). Given the essential nature of the services provided by this sector, attackers capitalise on the sector's need to remain operational. The increasing integration of Operational Technology (OT) with IT systems has also expanded the attack surface, offering more potential entry points for ransomware attacks.

The Consumer Cyclicals sector experienced the second-highest number of attacks (48), with Hotels and Entertainment services identified as the most frequently targeted. As it is the summer period, it suggests that ransomware actors are strategically timing their attacks to coincide with peak holiday periods in some regions, to maximise disruption and pressure organisations into payment. So, businesses in this sector, should prioritise reinforcing their ransomware defences.

With 44 attacks recorded, the Healthcare sector closely followed in terms of incidents. In the UK, the mid-July warning from the NHS chief executive reinforced the sector's vulnerability, following the ransomware incidents in June. This serves as a stark reminder of the tangible, long-lasting impacts that ransomware attacks can have on healthcare services, emphasising the critical need for robust cybersecurity measures in this sector.

A significant portion of ransomware activity in July was driven by the exploitation of a critical VMware ESXi vulnerability. This allowed attackers to gain full administrative privileges, enabling them to steal sensitive data and encrypt virtual machines. The attacks stress the importance of active patching to mitigate against ransomware across sectors, as threat actors continue to exploit vulnerabilities.

Ian Usher, Deputy Head of Threat Intelligence at NCC Group, said:

"July 2024 has been a stark reminder that the cybersecurity landscape is as turbulent as ever, marked by a surge in ransomware attacks and the spread of misinformation. The Industrials, Consumer Cyclicals, and Technology sectors have borne the brunt of these attacks, with groups like RansomHub and LockBit 3.0 leading the charge.

“The rise in sophisticated techniques, such as the use of information stealer malware in their pre-attack phase, highlights that cybercriminals are not standing still. As these threats evolve, so must our defences. It's crucial that we leverage the latest technologies and maintain robust, intelligence-driven security measures to stay ahead, or risk falling behind in this ever-escalating battle.”

The promise of AI is on every biopharma’s radar, but the reality today is that much of the industry is grappling with how to convert the hype into...
IT teams urged to resolve ‘data delays’ as UK executives struggle to access and use relevant business data.

‘Playtime is over’ for GenAI

Posted 3 days ago by Phil Alsop
NTT DATA research shows organizations shifting from experiments to investments that drive performance.

GenAI not production-ready?

Posted 3 days ago by Phil Alsop
Architectural challenges are holding UK organisations back - with just 24% citing having sufficient governance to implement GenAI.

AI tops decision-makers' priorities

Posted 3 days ago by Phil Alsop
Skillsoft has released its 2024 IT Skills and Salary Report. Based on insights from more than 5,100 global IT decision-makers and professionals, the...

The state of cloud ransomware in 2024

Posted 3 days ago by Phil Alsop
Ransom attacks in the cloud are a perennially popular topic of discussion in the cloud security realm.
Talent and training partner, mthree, which supports major global tech, banking, and business clients to build job-ready teams, has revealed the...

AI innovation is powering the Net Zero transition

Posted 3 days ago by Phil Alsop
Whilst overall AI patent filings have slowed, green AI patent publications grew 35% in 2023.