Introduction
In December 2024 [1] [2] [3], NCC Group reported an unprecedented surge in global ransomware attacks, marking a significant deviation from traditional trends. This increase underscores the evolving and aggressive nature of ransomware threats, with new threat actors emerging and targeting a wide range of sectors across the globe.
Description
In December 2024 [1] [2] [3], NCC Group reported a record high in global ransomware attacks, detecting 574 confirmed incidents—the highest monthly volume since the firm began monitoring such activity in 2021. This figure marks an increase from 565 attacks in November and a significant rise from 387 incidents in December 2023. Traditionally [2], December sees a decline in ransomware activity due to the holiday season; however [2], this year represented a notable deviation from that trend, highlighting the evolving and increasingly aggressive nature of ransomware threats [2].
The newly identified extortion group Funksec emerged as the most active threat actor [1], responsible for 103 attacks [1], which accounted for approximately 18% of all recorded incidents. Funksec employed double extortion tactics [3], involving both encryption and exfiltration of files, and targeted a diverse range of sectors [3], including healthcare, manufacturing, technology [1] [4], government, and media, across various countries such as North America, Europe [1] [3] [4], France [3] [4], India [3] [4], and Thailand [3]. North America accounted for 52% of the attacks, while Europe followed with 18% [1]. The Industrials sector was particularly hard hit, suffering 136 attacks [1], with the Consumer Discretionary and Information Technology sectors also significantly impacted [1].
A notable incident during this period involved Black Basta’s attack on BT on December 4, 2024, where the group claimed to have exfiltrated 500GB of sensitive data [1]. This incident underscored the evolving tactics of Black Basta, which now include sophisticated spear-phishing and the use of botnets [1], emphasizing the growing threat to critical national infrastructure [1]. Ian Usher [1] [3], NCC’s associate director of threat intelligence operations [3], expressed concern over the alarming rise of aggressive actors like Funksec and stressed the necessity for organizations to enhance their cybersecurity measures in light of this surge. Contributing factors to the rise in attacks included poor security practices and the potential use of artificial intelligence (AI) to facilitate ransomware operations [3], indicating a more turbulent threat landscape anticipated for 2025 [3], with expectations of increased frequency and severity of attacks across various sectors [3].
Conclusion
The surge in ransomware attacks in December 2024 highlights the urgent need for organizations to bolster their cybersecurity defenses. The emergence of aggressive threat actors like Funksec and the evolving tactics of groups such as Black Basta pose significant risks to various sectors worldwide. As the threat landscape becomes more turbulent, organizations must adopt robust security measures and remain vigilant against potential vulnerabilities. The anticipated increase in the frequency and severity of attacks in 2025 underscores the importance of proactive cybersecurity strategies to mitigate these evolving threats.
References
[1] https://www.securityinfowatch.com/cybersecurity/press-release/55262577/ncc-group-december-2024-breaks-records-with-the-highest-ever-monthly-ransomware
[2] https://www.infosecurity-magazine.com/news/ransomware-record-high-december/
[3] https://www.computerweekly.com/news/366618418/Funksec-gang-turned-up-ransomware-heat-in-December
[4] https://blog.ehcgroup.io/2025/01/22/15/39/53/17979/ataques-de-ransomware-alcanzan-niveles-record-en-diciembre-de-2024/seguridad-informatica/ransonware/ehacking/
