December 2024 breaks records with the highest-ever monthly amount of ransomware events logged
- December represents the highest number of ransomware cases observed since NCC Group began monitoring ransomware activity in 2021, with 574 attacks.
- New threat actor Funksec was the most active threat group, responsible for 18% of attacks.
- Industrials remains the most targeted sector, accounting for 24% of attacks.
- Cases in Asia rose to 16%, closing the gap between Europe.
December 2024 – Global levels of ransomware attacks were the highest they have been since NCC Group began recording ransomware data in 2021, according to NCC Group's December Threat Pulse. A total of 574 attacks were recorded in December 2024, an increase from November 2024's figure of 565 and December 2023's figure of 387.
New threat actor 'Funksec' tops the leaderboard
Funksec, a newly identified extortion group was the most active threat actor this month with 103 attacks. The rapid rise of the group is due to it targeting multiple sectors globally, emphasising the versatility and threat posed by the group.
In second position was CL0P with 68 attacks, followed by Akira in third with 43 attacks. RansomHub was close behind with 41 attacks.
North America and Europe hit hardest, with Asia close behind
North America remained the most targeted region, accounting for 52% of total global attacks (300) a decrease from 326 in November, and Europe followed with 18% of attacks (100).
Asia experienced a notable increase in attacks, rising from 58 in November to 92 in December with 16% of attacks. Attacks in South America rose from 35 to 40 in December, with Africa rising to taking fifth place with 18 attacks.
Industrials remain the prime target
The Industrials sector remained the most targeted with 136 attacks in December, accounting for 24% of all sectors targeted, demonstrating the continued threat to Critical National Infrastructure (CNI).
The Consumer Discretionary sector maintained second position with 107 attacks, and in third position was Information Technology with 78 attacks.
Ransomware spotlight: BlackBasta attack on BT highlights risks to CNI
On December 4, 2024, Black Basta allegedly ransomed BT, the multinational telecommunications group, claiming the exfiltration of 500GB of sensitive data. This attack highlights the group's growing threat to critical national infrastructure (CNI).
Black Basta’s tactics have evolved from basic malware and business email compromise to sophisticated spear-phishing via Teams and Skype, and the use of botnets like DarkGate and ZBot. While the BT attack had limited operational impact, the group’s use of double extortion and custom malware poses a significant and evolving threat.
This incident underscores the need for robust cybersecurity measures and continuous employee training to defend against increasingly advanced and adaptable ransomware groups like Black Basta.
Ian Usher, Associate Director - Threat Intelligence Operations and Service Innovation at NCC Group, commented:
"December is usually a much quieter time for ransomware attacks, but last month saw the highest number of ransomware attacks on record, turning that pattern on its head.
“The rise of new and aggressive actors, like Funksec, who have been at the forefront of these attacks is alarming and suggests a more turbulent threat landscape heading into 2025. If ransomware groups are becoming bolder and more advanced, we can expect more frequent and widespread attacks, putting every sector and region at risk.
“The data should serve as a wake-up call. No organisation is immune, and the best defence is to stay ahead of the curve. Companies need to double down on their cybersecurity measures and, ensure that their teams are trained and prepared to evolve with the changing nature of ransomware threats.”
About NCC Group:
NCC Group is a people-powered, tech enabled global cyber security and software escrow business.
Driven by a collective purpose to create a more secure digital future, c2,000 colleagues across Europe, North America, and Asia Pacific harness their collective insight, intelligence, and innovation to deliver cyber resilience for over 14,000 clients across the public and private sector.
With decades of experience and a rich heritage, NCC Group is committed to developing sustainable solutions that continue to meet clients’ current and future cyber security challenges.