Ransomware remains the greatest threat (46%) to financial organisations.

There was an 80% year-over-year increase in ransomware activity in energy and utilities sector.

The healthcare sector is the third-most targeted sector for ransomware attacks, following manufacturing and professional services.

There was a 32.16% increase in healthcare ransomware attacks from 2023 to 2024.

There was a significant rise in healthcare ransomware attacks in 2024. From Q1 2023 to Q3 2023, healthcare was the 6th or 7th most targeted sector, but it jumped to third position in Q4 2023 and has remained there.

The most active ransomware groups targeting healthcare in 2024 were: Everest: 25% of attacks focused on healthcare organisations, INC Ransom: 21.7% of attacks focused on healthcare organisations, Monti: 20.8% of attacks focused on healthcare organisations, Rhysida: 18.5% of attacks focused on healthcare organisations, BianLian: 15% of attacks focused on healthcare organisations, Qilin: 14% of attacks focused on healthcare organisations, and Black Suit: 14% of attacks focused on healthcare organisations.

19% of ransomware attacks against energy and utilities sector were conducted by Hunters International in H2 2024.

Types of healthcare providers targeted in 2024 were: Physicians' offices accounted for 25% of attacks, general medical and surgical hospitals accounted for 22% of attacks, other health professionals' offices (outpatient centres, family services etc) accounted for 9% of attacks, and dentists' offices accounted for 6% of attacks.

61.6% of healthcare ransomware victims reported attacks to the HHS in 2024.

There was a 58% month-on-month increase in attacks targeting Asia in December, rising from 58 attacks in November to 92.

December 2024 saw the highest monthly volume of global ransomware attacks ever recorded, with 574 attacks detected by NCC Group. This is the highest number since they began monitoring ransomware activity in 2021.

47% of ransomware attacks against energy and utilities sector were in the United States.

The ransomware-as-a-service actor FunkSec was the most active in December 2024, responsible for 103 attacks, which is about 18% of all recorded attacks for the month. Check Point reported that FunkSec claimed to have targeted 85 victims in December.

North America remained the most targeted region in December, accounting for 52% of ransomware attacks. The number of attacks in this region, however, decreased from 326 in November to 300 in December.

Ransomware attacks targeting South America increased from 35 to 404 in December vs November.

Europe was the second most targeted region, with 18% of ransomware attacks, or 100 attacks, in December 2024.

Only 37.4% of healthcare ransomware victims reported attacks to the HHS in 2023.

ZeroFox observed at least 4,950 separate ransomware and digital extortion (R&DE) incidents throughout 2024, which is significantly more than the approximately 4,000 incidents observed during 2023.

The industrials sector was the most heavily targeted sector, facing 24% of all ransomware attacks, totaling 1364, in December 2024.

There was 211 US healthcare ransomware victims in 2023 and 268 in 2024, a 27% increase.