Ransomware attacks saw a sharp increase in December 2024, as confirmed by a report from NCC Group, a UK-based information assurance firm. This rise in cyberattacks was expected, as hackers often target the period from the third week of November through December, capitalizing on vulnerabilities during the holiday season.
During this time, many companies, especially in Western countries, experience a reduced workforce due to employees taking time off to celebrate Christmas and New Year. Cybercriminals exploit this, looking for weak points in applications and networks to launch their attacks and deliver malicious payloads.
In December alone, more than 574 ransomware incidents were reported, with over 51% targeting both public and private entities in North America. The industrial sector was hit particularly hard.
While ransomware groups like Clop and Akira led the attack efforts, new players such as RansomHub and the emerging FunkSec ransomware-as-a-service operation began to gain traction.
NCC Group’s cybersecurity researchers noted a shift in attack patterns in 2024. Compared to previous years (2021-2023), the frequency of ransomware incidents toward the end of the year was notably higher, breaking from the usual trend.
On the law enforcement side, agencies made significant efforts to disrupt the activities of notorious cybercrime gangs like LockBit and BlackBasta. Europol, in collaboration with the FBI and Interpol, launched campaigns aimed at sabotaging the IT infrastructure used by these criminals. One such effort, Operation Cronos, led to a major takedown of the LockBit gang—only for them to resurface by June 2024 with a new, more advanced version, LockBit 3.0.
As ransomware crime continues to escalate, protecting data and systems through regular backups and a solid disaster recovery plan remains the best defense. However, even with these precautions, victims still face the constant risk that stolen data could be leaked or sold by hackers.
When it comes to paying ransoms, there is no guarantee that the criminals will provide the decryption key, and paying only fuels future attacks on the same victim. Experts recommend reporting ransomware incidents to law enforcement, as sharing intelligence can help prevent further attacks, issue timely warnings, and ultimately protect other companies from falling victim to similar threats.
