Ransomware attacks have surged to record levels since NCC Group began tracking them in 2021, with critical infrastructure increasingly in the attackers’ sights.
NCC Group’s December Threat Pulse reports 574 ransomware incidents recorded in December, a slight rise from November’s 565 and a significant increase from the 387 incidents recorded in December 2023.
A newly identified extortion group, Funksec, topped the list in December with 103 attacks. Its rapid rise is linked to its ability to target multiple sectors across different regions.
Following Funksec, CL0P was the second-most active group with 68 attacks. Akira ranked third with 43 attacks, and a relatively new actor, RansomHub, registered 41 attacks.
Regional and sectoral targets for ransomware attacks
North America remained the most targeted region, accounting for 300 attacks—52% of the global total. Although still the most affected region, this represents a small drop from November’s 326 attacks. Europe was the second-most affected with 100 attacks (18%).
Asia experienced a notable increase, rising from 58 attacks in November to 92 in December, bringing its share to 16% of global incidents.
South America saw a modest increase from 35 to 40 attacks, while Africa recorded a slight rise to 18 attacks in December.
The industrials sector continued to be the most heavily targeted, with 136 attacks—nearly a quarter of all incidents worldwide—highlighting ongoing risks to critical national infrastructure (CNI).
The consumer discretionary sector recorded 107 attacks, placing it second, and the information technology sector ranked third with 78 attacks.
Black Basta targets BT
One of the most notable incidents in December involved allegations that Black Basta breached telecoms company BT and exfiltrated approximately 500GB of sensitive data. While reported operational impacts were limited, the incident underscores the threat to critical national infrastructure.
Black Basta’s evolving tactics—including spear-phishing through collaboration tools, the use of botnets such as DarkGate and ZBot, and double extortion techniques—illustrate the growing sophistication of ransomware actors and the diversified methods they now employ.
NCC Group’s report warned that incidents like the BT breach serve as stark reminders of the vulnerabilities facing critical infrastructure and the need for proactive defenses.
More frequent and widespread ransomware attacks
Historically, December has tended to be quieter for ransomware activity, but December’s record numbers have broken that pattern.
Ian Usher, Associate Director of Threat Intelligence Operations and Service Innovation at NCC Group, noted that December typically sees fewer attacks, yet last month recorded the highest number on record, reversing that expectation.
Usher highlighted the emergence of new, aggressive actors such as Funksec and warned that their activity suggests a more volatile threat environment heading into 2025. If ransomware groups continue to grow bolder and more technically capable, organisations across all sectors and regions face an elevated risk of more frequent and widespread attacks.
He urged organisations to reassess and strengthen their cybersecurity posture in response to the findings, stressing that no organisation is immune and that staying ahead of evolving threats is essential.
The late-2024 surge in ransomware activity, the appearance of new threat actors, and the increasing sophistication of attack techniques paint a concerning outlook for the year ahead. Organisations must remain vigilant by improving defensive measures, investing in advanced security technologies, and prioritising staff training to reduce exposure to ransomware in 2025.
(Image by Vishnu Vijayan)
See also: Jen Easterly, CISA: Critical infrastructure threats are increasing
Want to learn more about cybersecurity and cloud topics from industry leaders? Check out Cyber Security & Cloud Expo, held in Amsterdam, California and London. The event is co-located with Digital Transformation Week, IoT Tech Expo, Blockchain Expo and AI & Big Data Expo.
Explore other upcoming enterprise technology events and webinars powered by TechForge.