Report reveals record-breaking year for attacks

BlackFog has unveiled its 2024 State of Ransomware Report, a detailed analysis of ransomware activity from publicly disclosed and non-disclosed attacks globally.

  • Thursday, 27th February 2025 Posted 1 month ago in by Phil Alsop

The findings reveal ransomware attacks reached record levels throughout 2024. New groups, new variants and the volume in which they appeared during the year highlight why ransomware is one of the most pressing cybersecurity challenges for organizations worldwide.

Key Findings for 2024:

LockBit and RansomHub dominated variants

• LockBit, one of the most prominent ransomware gangs in recent years, remained the most active ransomware variant through 2024 affecting 603 victims. May was the busiest month, with nearly 200 attacks launched, accounting for 36% of all attacks that month. This surge followed news of the gang’s disbandment after its leader was unmasked earlier in the year.

• RansomHub, a newcomer to the scene in February 2024, was in second place, affecting 586 victims, including high-profile attacks on government entities and 78 victims in the global manufacturing sector. Although these industries have been heavily targeted, this group poses a significant threat to all organizations across the spectrum, with victims ranging from SMEs to large global corporations.

• In third place, the leading players varied by category. For disclosed incidents, financially motivated group Medusa accounted for 5%, with ransom demands by the group exceeding $40M. Play ransomware attacks made up 7% of undisclosed incidents with a total of 342.

Newcomers made an impact

There was a huge increase in new variants compared with 2023, further evidence that organizations must remain vigilant and continue to adapt their cybersecurity measures. Across the year, 48 new groups emerged, a huge 65% increase from the number of new variants from the previous year.

A significant number of these - 44 new variants - were responsible for nearly a third, 32%, of all undisclosed attacks in 2024. In November and December, gangs that debuted in 2024 accounted for more than 50% of the attacks in each month.

Healthcare, Government, and Education are most targeted sectors

In terms of disclosed attacks, healthcare, government, and education accounted for 47% of all 2024’s ransomware news headlines. Healthcare saw a 20% increase over the previous year, government experienced a 15% increase, while attacks on the education sector experienced a decrease of 10%.

Rate of data exfiltration reaches all time high

Extortion continued to be the primary tactic employed in 2024, as evidenced by the alarming surge in data exfiltration which reached an unprecedented high of 94%. Data exfiltration has become a central component of ransomware, with attackers increasingly combining data encryption with data theft and threatening to publish or sell sensitive information if ransoms are not paid. The stolen data often includes personally identifiable information (PII), or intellectual property, which can be sold on the dark web.

“The report shows 2024 was a landmark year with organizations facing growing financial and reputational damage from ransomware attacks, with high-value sectors particularly pressured to pay ransoms to restore operations,” said Dr. Darren Williams, Founder and CEO of BlackFog. “As cybercriminals continuously refine their techniques to exploit vulnerabilities and launch large-scale attacks, defending against ransomware is becoming increasingly complex. Governments are stepping up efforts to counter this growing threat, introducing new measures such as mandatory ransomware incident reporting. However, the global ransomware crisis continues to escalate at an alarming rate. In this evolving threat landscape, proactive and preventative strategies to mitigate ransomware and data exfiltration have never been more crucial.”

2024 also saw significant sector rises in disclosed attacks for:

· Retail – a rise of 96% YoY

· Services – a rise of 88% YoY

· Finance – a rise of 66% YoY

· Critical Infrastructure remained a key target with 103 gas, electrical, or other energy companies attacked.

The top three sectors for undisclosed attacks were: manufacturing (17.6%), services (12.2%) and technology (9.7%).

Failure to prioritise testing and integrate generative AI tools raises concerns as agentic AI adds pressure.

CIOs 'overspend' on cloud

Posted 4 days ago by Phil Alsop
43% of CIOs say their CEOs and/or board of directors have concerns about their company’s cloud spend.
Research revealed at Coterie Connect event highlights shifting team structures, evolving skills priorities, and urgent training needed for partner...
Endava has launched its latest research report “AI and the Digital Shift: Reinventing the Business Landscape”.

3,000% surge in enterprise use of AI/ML tools

Posted 1 week ago by Phil Alsop
Zscaler has released the ThreatLabz 2025 AI Security Report, based on insights from more than 536 billion AI transactions processed between February...
Over one in four (28%) British small business owners have used AI tools to help run their business.

Tech fragmentation cited as biggest cyber challenge

Posted 1 week ago by Phil Alsop
New Palo Alto Networks data shows 82% of UK organisations confident in their use of AI, despite AI being identified as biggest cyber risk for 2025.
MIT researchers crafted a new approach that could allow anyone to run operations on encrypted data without decrypting it first.