More reports claim 2024 was the worst year for ransomware attacks yet

A laptop with a red screen with a white skull on it with the message: "RANSOMWARE. All your files are encrypted."

(Image credit: Getty Images)

BlackFog says ransomware rose significantly in 2024
Two groups particularly stood out - LockBit and RansomHub
Infections increased across industries, despite increased awareness

2024 was a record-breaking year for ransomware attacks, with more groups, more malware variants, and higher payouts than ever before, new research has said.

Cybersecurity researchers BlackFog found compared to 2023, there were 65% more groups detected in 2024r - 48 in total. A significant number of these - 44 new variants - were responsible for almost a third (32%) of all undisclosed attacks in 2024.

In the last two months of the year, threat actors that first emerged in 2024 accounted for more than half of the attacks in each month.

LockBit and RansomHub

When it comes to disclosed attacks, the majority went to healthcare, government, and education verticals. These three took up almost half (47%) of all reports for the year. Attacks on healthcare increased by 20% year-on-year, on government 15%, and on education 10%. However, percentage-wise, there were industries who reported significant rises, as well, including retail (96%), services (88%), and finance (66%).

For undisclosed attacks, the top three industries were manufacturing (17.6%), services (12.2%) and technology (9.7%).

Two groups stood out as particularly dangerous - LockBit and RansomHub. The former is one of the most prominent threat actors in recent years, and in 2024, it targeted 603 victims. In May 2024 alone, the group launched almost 200 attacks, taking up a significant portion (36%) of all attacks reported that month.

RansomHub, on the other hand, did not lag much. Despite only being introduced in February 2024, it managed to affect 586 victims, including government entities and 78 organizations in the global manufacturing sector.

BlackFog also said the Medusa group was worth mentioning, even though it accounted for “just” 5% of all disclosed incidents for the year, as it was known for demanding enormous fees, often exceeding $40 million.

“The report shows 2024 was a landmark year with organizations facing growing financial and reputational damage from ransomware attacks, with high-value sectors particularly pressured to pay ransoms to restore operations,” said Dr. Darren Williams, Founder and CEO of BlackFog.

“As cybercriminals continuously refine their techniques to exploit vulnerabilities and launch large-scale attacks, defending against ransomware is becoming increasingly complex. Governments are stepping up efforts to counter this growing threat, introducing new measures such as mandatory ransomware incident reporting. However, the global ransomware crisis continues to escalate at an alarming rate. In this evolving threat landscape, proactive and preventative strategies to mitigate ransomware and data exfiltration have never been more crucial.”

US, UK crack down on Russian bulletproof hosting service ZServers for LockBit partnership
We've rounded up the best password managers
Take a look at our guide to the best authenticator app

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.