Spain ranks fifth worldwide in terms of ransomware attacks, having recorded 58 incidents in the last six months, representing an increase of 23% compared to the first half of the previous year, according to S21sec’s semi-annual “Threat Landscape Report”.

This increase places Spain three positions higher in the global ranking of the most affected countries, with LockBit as the main threat, responsible for 18 of the attacks, followed by Ransomhub with 8 and Cactus with 5. In first place in the ranking is the United States, which has suffered more than 1,000 attacks, followed by the United Kingdom, Germany and Italy, with 136, 84 and 70 attacks respectively, these being the most impacted European countries.

«Ransomware, which restricts access to the infected operating system and demands a ransom in exchange for removing this restriction, has shown a truly worrying growth trend over the past two years. In the first half of 2022, 1,466 attacks were recorded, a figure that has increased significantly to reach 2,175 attacks in the first half of 2024.“, highlights Lourdes Mora, Team Leader of the S21sec Threat Intelligence team.

Spain and ransomware threats

In 2024, global tensions continue to be dominated by wars between Russia and Ukraine, as well as between Israel and Hamas. Cybercriminals have exploited these circumstances, generating serious consequences that affect the international level. Both conflicts have shifted part of the confrontation into the digital realm, where cyberattacks complement traditional war actions, increasing tension and the impact of the damage.

In the case of Russia and Ukraine, the conflict has been characterized by the use of hybrid strategies, where both hacktivism and cyberattacks have played a fundamental role in influencing the course of events. Hacktivist groups on both sides have directed attacks against countries that support their opponents, focusing their efforts on government sites, companies and citizens.

Among the most prominent attacks are ransomware attacks, carried out primarily by Russian groups, which have targeted nations that have provided assistance to Ukraine. These cyberattacks have increased dramatically, selecting specific targets in response to key movements in the war, such as the deployment of military aircraft. Moreover, the attacks not only disrupt digital operations, but can also create physical repercussions when they target critical infrastructure, such as power grids or transportation systems.

Meanwhile, the conflict between Israel and Hamas, which began in October 2023, has also extended its impact to cyberspace. Hacktivist groups, predominantly pro-Palestinian, have been actively involved, with around 70 groups mobilized, compared to 25 pro-Israel organizations. These actors have focused their attacks on key sectors, such as energy, causing significant damage. In addition, attacks targeting areas such as education and the media are severely affecting the social stability of the nations involved.