In 2023, there was a staggering 105% increase in known ransomware attacks against K–12 and higher education, surging from 129 attacks in 2022 to 265 in 2023.

According to the Malwarebytes report, 43% of all ransomware in education attacks in 2023 targeted higher education and 36% of attacks targeted K-12.

In 2023, Trustwave researchers monitored 352 ransomware claims against educational institutions.

In higher education specifically, ransomware attacks were up 70% over 2022.

The Highline Public School district has over 2,000 staff members and 17,500 students across 34 schools. All 34 schools were closed due to a ransomware attack.

The ransomware-as-a-service actor FunkSec was the most active in December 2024, responsible for 103 attacks, which is about 18% of all recorded attacks for the month. Check Point reported that FunkSec claimed to have targeted 85 victims in December.

The healthcare sector is the third-most targeted sector for ransomware attacks, following manufacturing and professional services.

47% of ransomware attacks against energy and utilities sector were in the United States.

There was a total of 374 tracked healthcare ransomware attacks in 2024.

There was a 58% month-on-month increase in attacks targeting Asia in December, rising from 58 attacks in November to 92.

61.6% of healthcare ransomware victims reported attacks to the HHS in 2024.

The industrials sector was the most heavily targeted sector, facing 24% of all ransomware attacks, totaling 1364, in December 2024.

The second most active ransomware group in December was Clop with 68 attacks, followed by Akira with 43 attacks and RansomHub with 41 attacks.

December 2024 saw the highest monthly volume of global ransomware attacks ever recorded, with 574 attacks detected by NCC Group. This is the highest number since they began monitoring ransomware activity in 2021.

There was a significant rise in healthcare ransomware attacks in 2024. From Q1 2023 to Q3 2023, healthcare was the 6th or 7th most targeted sector, but it jumped to third position in Q4 2023 and has remained there.

The most active ransomware groups targeting healthcare in 2024 were: Everest: 25% of attacks focused on healthcare organisations, INC Ransom: 21.7% of attacks focused on healthcare organisations, Monti: 20.8% of attacks focused on healthcare organisations, Rhysida: 18.5% of attacks focused on healthcare organisations, BianLian: 15% of attacks focused on healthcare organisations, Qilin: 14% of attacks focused on healthcare organisations, and Black Suit: 14% of attacks focused on healthcare organisations.

Only 37.4% of healthcare ransomware victims reported attacks to the HHS in 2023.

There was a 32.16% increase in healthcare ransomware attacks from 2023 to 2024.

There were 66 ransomware healthcare victims in Q1 2024, 87 healthcare victims in Q2 2024, 99 healthcare victims in Q3 2024, and 121 healthcare victims in Q4 2024.

Ransomware attacks targeting South America increased from 35 to 404 in December vs November.