Check Point Software Technologies has warned about a worrying evolution in the ransomware landscape during 2024. With a total of 5,414 attacks recorded globally, an increase of 11% has been observed compared to the previous year. This increase highlights the urgent need to strengthen cybersecurity strategies in organizations.

The year 2024 began with a decline in ransomware activity, but the frequency of cyberattacks spiked in the second quarter and continued to increase through the end of the year. The fourth quarter closed with 1,827 attacks, representing 33% of the annual total and becoming the most active quarter. This increase was driven by the fragmentation of established groups and the emergence of new cybercriminals.

Spain has shown growing vulnerability, with a total of 106 ransomware incidents in 2024. The dismantling of veteran groups, such as LockBit in February 2024, led to the formation of 46 new groups, raising the total of active attackers to 95, 40% more than the previous year. Among these new groups, RansomHub stood out, even surpassing LockBit in activity with 531 attacks. Other emerging groups, such as FOG, Lynx, APT73 and Eldorado, also transformed the landscape, with the ten most active groups responsible for 52.8% of the incidents.

“The ransomware ecosystem has evolved into a global threat driven by adaptability and innovation. As ransomware groups fragment and diversify, their tactics become more insidious. To combat this, companies must take a proactive, intelligence-driven approach, with an emphasis on real-time threat detection, robust incident response, and comprehensive education. The fight against ransomware is not just about technology, but a commitment to resilience and preparedness,” explains Adi Bleih, security researcher at Check Point External Risk Management.

Global Impact of Ransomware

The United States remained the most affected country in 2024, with 2,713 attacks, followed by Canada (283) and the United Kingdom (268). During the fourth quarter, the US recorded the highest number of ransomware attacks within its borders (936), while India accounted for more than 50% of all activity recorded throughout the year. Spain, in last position, recorded 23 threats in the fourth quarter.

Sectors and Industries in the Spotlight

The Business Services sector was once again the most attacked, with 451 incidents recorded, followed by the Retail and Manufacturing sectors, which experienced a significant increase, accumulating 201 attacks in the fourth quarter. The Construction industry ranked fourth, with a 50% increase in incidents in 2024 compared to the previous year, surpassing the Financial, Educational and Healthcare sectors, which occupied the top positions in 2023.

Ransomware as a Service (RaaS)

The Check Point report highlights a worrying trend: the rise of ransomware as a service (RaaS), which lowers the barrier to entry for cybercriminals. Attackers are adopting more sophisticated techniques, targeting Linux and VMware ESXi systems to cripple entire infrastructures with a single attack.

Check Point Recommendations

Against this backdrop, Check Point Software recommends taking a multifaceted approach to cybersecurity, which includes:

  • Comprehensive Threat Detection: Implement solutions that provide real-time visibility into network activity and identify emerging threats.
  • Patch Management: Regularly update systems to address known vulnerabilities, especially in Linux and VMware environments.
  • Training: Provide employees with the knowledge to recognize phishing attempts and other common attack vectors.
  • Collaboration: Collaborate with colleagues in the sector and with security forces to share information and strengthen collective defenses.