NCC Group Monthly Threat Pulse – Review of December 2024

The second most active ransomware group in December was Clop with 68 attacks, followed by Akira with 43 attacks and RansomHub with 41 attacks.

The ransomware-as-a-service actor FunkSec was the most active in December 2024, responsible for 103 attacks, which is about 18% of all recorded attacks for the month. Check Point reported that FunkSec claimed to have targeted 85 victims in December.

There was a 58% month-on-month increase in attacks targeting Asia in December, rising from 58 attacks in November to 92.

North America remained the most targeted region in December, accounting for 52% of ransomware attacks. The number of attacks in this region, however, decreased from 326 in November to 300 in December.

The industrials sector was the most heavily targeted sector, facing 24% of all ransomware attacks, totaling 1364, in December 2024.

December 2024 saw the highest monthly volume of global ransomware attacks ever recorded, with 574 attacks detected by NCC Group. This is the highest number since they began monitoring ransomware activity in 2021.

Ransomware attacks targeting South America increased from 35 to 404 in December vs November.

Europe was the second most targeted region, with 18% of ransomware attacks, or 100 attacks, in December 2024.