The global landscape of ransomware attacks experienced a significant shift in January 2024. According to NCC Group's January Threat Pulse, there was a 27% decrease in ransomware cases compared to December 2023, with 285 incidents recorded. However, when compared to the previous years, the data reveals a worrying trend: a 73% increase from January 2023 and a staggering 138% rise from January 2022.
Shifting Dynamics in Threat Actors
The report highlights a notable change in the hierarchy of threat actors. While Lockbit maintained its position as the most prominent threat actor with 64 cases (22%), 8Base and Akira saw a significant rise, climbing to second and third places with 10% and 9% of the cases, respectively. This shift underscores the dynamic nature of the threat landscape, with groups like Black Basta, BianLian, and Medusa also emerging in the top ten, despite not being featured in December's report.
Regional Trends and Sector Vulnerabilities
North America and Europe continue to be the primary targets, accounting for 86% of the global attacks. However, both regions saw a decline in the number of incidents, with North America experiencing a 15% drop and Europe a 34% decrease. Asia, the third most targeted region, also witnessed a significant reduction in attacks, with only 22 incidents reported.
The industrial sector remains the most affected, representing 34% of all attacks in January. Consumer cyclicals, technology, and healthcare follow, highlighting the broad range of sectors vulnerable to ransomware threats.
Spotlight on Hydra Dynamics
A particular point of interest in the report is the activity of the malware family Hydra. Despite being notable in the previous month, January saw a decrease in activity, with only one "hydra head" actively targeting financial institutions in the DACH region.
Expert Insights
Matt Hull, global head of Threat Intelligence at NCC Group, emphasizes the importance of contextualizing the January data. "While the overall number of attacks has decreased compared to December 2023, it's essential to consider the historical context, as January tends to be a 'quieter' month," he said. Hull warns that this should not be seen as an indicator of a quieter year, highlighting the active start to 2024 by threat groups and the evolving nature of ransomware attacks.
The report serves as a reminder that while there may be fluctuations in the number of attacks, the ransomware threat landscape remains dynamic, with new tactics emerging and the potential impact of AI looming on the horizon.