Ransomware attacks down month-on-month
- Total ransomware cases in September were 10% lower month on month, at 407 attacks
- Ransomhub maintains top position, responsible for 28% of attacks by the top 10 threat actors
- Industrials remain most targeted sector, accounting for 26% of attacks
- North America and Europe accounted for 80% of all cases globally
In September 2024, global levels of ransomware attacks decreased both month on month and year on year. There were 407 attacks in total across the month, according to NCC Group’s September Threat Pulse, a drop from August’s figure of 450 and September 2023’s figure of 514.
Ransomhub maintains dominance
Ransomhub retained the top position as the most active threat actor this month with 74 attacks, up by 3% from the previous month’s 72 incidents. One significant attack in September targeted Kawasaki, with the group stealing 487 GB of sensitive data. This included business documents, banking records, and internal communications. After failed auctions, they threatened to leak the data on the dark web.
Play secured second position with 43 attacks, followed by Medusa in third with 26 attacks, and Qilin in fourth with 23 attacks.
80% of attacks strike North America and Europe
North America remained the most targeted region, accounting for 57% of total global attacks (233). Europe followed with 23% of attacks (94), a noteworthy drop from 125 in August.
Asia faced a modest rise, with attacks climbing from 43 in August to 46 in September, and South America remained the same with 21 attacks. Attacks in Oceania dropped from 15 to 8 between August and September, with Africa also experiencing a significant decline in attacks, going from 13 to 5.
Industrials remains the prime target
The Industrials sector remained the most targeted sector, accounting for 26% (103) of attacks in September. These figures reflect the continued interest by threat actors in targeting Critical National Infrastructure (CNI). Following closely behind is Consumer Discretionary with 89 attacks, and in third position, Information Technology with 51 attacks.
Ransomware Spotlight: Cicada3301’s assault on VMware ESXi servers
In recent months, there has been a sharp rise in cyber threats targeting virtualized environments, exposing vulnerabilities in critical organizational networks. As more enterprises adopt virtualization for scalability and flexibility, these infrastructures have become prime targets for attackers. A new ransomware variant, Cicada3301, is taking advantage of weaknesses in VMware ESXi servers, which are essential to organizations relying on virtual machines.
This highlights the critical need for robust security measures in virtualized environments, such as strong antivirus software, to allow organizations to mitigate the risks posed by sophisticated ransomware like Cicada3301.
Matt Hull, Head of Threat Intelligence at NCC Group, said: “Despite a small drop in ransomware victims in September, organizations must stay vigilant. The ransomware threat landscape has been continually volatile throughout 2024, with the number of victims rising and falling month on month.
“As the Industrials sector continues to be the most targeted, it’s essential that organizations operating in this space are mindful of the continued threat. Due to the significant impact on organizations that rely on ‘up-time’, and those that hold large amounts of Intellectual Property (IP) or Personally Identifiable Information (PII), cyber criminals will maintain their level of focus as they seek maximum ‘bang for their buck’.
“We must also be aware that fueling the Ransomware ecosystem is a network of access brokers and info-stealing malware. We have noted an increase in the volume of both, so organizations should ensure that fundamental security practices around password management, endpoint security and Multi Factor Authentication are in place and effective.”