2024 State of Ransomware Annual Report

New ransomware variants accounted for nearly a third (32%) of all undisclosed attacks in 2024.

LockBit was the most active ransomware variant in 2024, affecting 603 victims. May was the busiest month with nearly 200 attacks.

When in came to ransomware, Retail saw a rise of 96% year-over-year.

Data exfiltration reached an all-time high of 94%.

Critical Infrastructure ransomware attacks targeted 103 gas, electrical, or other energy companies.

47% of ransomware attacks targeted healthcare, government, and education.

When in came to ransomware, Services saw a rise of 88% year-over-year.

When in came to ransomware, Finance saw a rise of 66% year-over-year.

RansomHub affected 586 ransomware victims in 2024.

48 new ransomware groups emerged in 2024, a 65% increasefrom the previous year.

The top three sectors for undisclosed ransomware attacks were: manufacturing (17.6%), services (12.2%) and technology (9.7%)

Medusa accounted for 5% of disclosed ransomware incidents in 2024.

Healthcare saw a 20% increase in ransomware attacks over the previous year.

Government experienced a 15% increase in ransomware attacks.

The education sector experienced a 10% decrease in ransomware attacks.

Play ransomware attacks made up 7% of undisclosed ransomware incidents in 2024 with a total of 342.