Ransomware in 2024: more attacks, more perpetrators


Check Point looks back at trends in ransomware from the past year. Not only the number of attacks, but also the number of groups increased sharply.

Security firm Check Point Software Technologies takes stock of ransomware for the year. The number of ransomware attacks shows another increase in the past year. Worldwide, 5,414 attacks were recorded, according to Check Point’s figures, up 40 percent from 2023.

Cybercriminals began the year quietly, as ransomware showed a small decline in the first quarter of 2024. That was just quiet before the storm. Starting in the second quarter, the number of attacks only continued to rise, peaking in the fourth quarter. During that period, 1,827 incidents occurred: accounting for 33 percent of all ransomware attacks in 2024.

Fragmentation of groupings

The attacks came from multiple perpetrators. The number of active groups on Check Point’s radar increases by 40 percent to 95. According to Lieven Van Rentergem, security engineer expert at Check Point, a fragmentation among ransomware groups is underway.

Court actions in 2024 broke up well-known groups like LockBit, leading to the creation of new groups by experienced cybercriminals. New and well-known groups quickly dove into the void left by LockBit, even as the group quickly returned. “The business model of Ransomware-as-a-Service has created the biggest shift in the landscape. It has democratized ransomware, allowing even novice threat actors to carry out sophisticated attacks,” Van Rentergem added.

New groups are no small shrimp. For example, the group FunkSec was unknown until before 2024, but already made 85 known victims in the U.S. and Europe. RansomHub became one of the most dominant players and even surpassed LockBit in activity. Other new groups such as FOG, Lynx, APT73 and Eldorado played an increasing role in ransomware attacks. Check Point suspects that these groups are using AI to carry out large attacks with few resources.

Business services most affected

The United States remained the most affected country in 2024 with 936 ransomware attacks. India recorded 44 attacks in the fourth quarter, indicating increasing vulnerability. Business services was again the most targeted sector with 451 attacks, followed by retail and manufacturing. The construction sector experienced the strongest increase with 50 percent more ransomware incidents than in 2023, moving up to fourth place.

read also

Belgium in top 10 ransomware attacks worldwide by 2024

Check Point warns that ransomware attacks are increasingly targeting Linux and VMware ESXi systems. Cybercriminals are also making more use of cloud-based tools and AI to optimize attacks. Organizations are advised to adopt a layered security strategy, focusing on advanced threat detection, patch management and industry collaboration.