Ransomware Attacks Down Month-on-month

September 2024 - Over this monthly period, global levels of ransomware attacks decreased both month-on-month and year-on-year. There were a total of 407 attacks during the month of September, according to NCC Group’s September Threat Pulse, a drop from August’s figures of 450 and September 2023’s figures of 514. 

Ransomhub maintains dominance

Ransomhub retained the top position as the most active threat actor this month with 74 attacks, up by 3% from the previous month’s 72 incidents. One significant attack in September targeted Kawasaki, with the group stealing 487 GB of sensitive data. This included business documents, banking records, and internal communications. After failed auctions, they threatened to leak the data on the dark web.

Play secured second position with 43 attacks, followed by Medusa in third with 26 attacks, and Qilin in fourth with 23 attacks. 

80% of attacks strike North America and Europe

North America remained the most targeted region, accounting for 57% of total global attacks (233). Europe followed with 23% of attacks (94), a noteworthy drop from 125 in August.

Asia faced a modest rise, with attacks climbing from 43 in August to 46 in September, and South America remained the same with 21 attacks. Attacks in Oceania dropped from 15 to 8 between August and September, with Africa also experiencing a significant decline in attacks, going from 13 to 5. 

Industrials remains the prime target 

The Industrials sector remained the most targeted sector. Accounting for 26% (103) of attacks in September, these figures reflect the continued interest by threat actors in targeting Critical National Infrastructure (CNI). Following closely behind is Consumer Discretionary with 89 attacks, and in third position, Information Technology with 51 attacks. 

Ransomware Spotlight: Cicada3301’S assault on VMware ESXi servers

In recent months, there has been a sharp rise in cyber threats targeting virtualized environments, exposing vulnerabilities in critical organizational networks. As more enterprises adopt virtualisation for scalability and flexibility, these infrastructures have become prime targets for attackers. A new ransomware variant, Cicada3301, is taking advantage of weaknesses in VMware ESXi servers, which are essential to organizations relying on virtual machines.

This highlights the critical need for robust security measures in virtualized environments, such as strong antivirus software, to allow organizations to mitigate the risks posed by sophisticated ransomware like Cicada3301.

Matt Hull, head of Threat Intelligence at NCC Group, said, "Despite a small drop in ransomware victims in September, organizations must stay vigilant. The ransomware threat landscape has been continually volatile throughout 2024, with the number of victims rising and falling month on month.

As the Industrials sector continues to be the most targeted, it’s essential that organizations operating in this space are mindful of the continued threat. Due to the significant impact on organizations that rely on ‘up-time’, and those that hold large amounts of Intellectual Property (IP) or Personally Identifiable Information (PII), cyber criminals will maintain their level of focus as they seek maximum ‘bang for their buck.'

We must also be aware that fuelling the Ransomware ecosystem is a network off access brokers and info-stealing malware. We have noted an increase in the volume of both, so organizations should ensure that fundamental security practices around password management, end point security, and Multi Factor Authentication are in place and effective.”

About NCC Group

NCC Group is a people-powered, tech-enabled global cyber security and software escrow business.
 
Driven by a collective purpose to create a more secure digital future, c2,000 colleagues across Europe, North America, and Asia Pacific harness their collective insight, intelligence, and innovation to deliver cyber resilience for over 14,000 clients across the public and private sector.
 
With decades of experience and a rich heritage, NCC Group is committed to developing sustainable solutions that continue to meet clients’ current and future cyber security challenges.