NCC Group Reveals a Decline in Ransomware Activity

The global cyber threat market can often be described only with a parade of bleak numbers – more attacks with more variants on more targets, etc. But there are also times when a little more nuance is in order.

NCC Group’s Threat Pulse report for April 2024 is likely in the latter category. To be sure, there are still many ransomware attacks worldwide, but this report identifies a drop from the month before – 421 to 356. At the same time, year-on-year ransomware attacks in April increased, albeit only by 1% (352 in 2023 to 356 in 2024).

On a perhaps related note, the ransomware cybercriminal landscape has experienced its share of turbulence. Lockbit 3.0 has led this market for the past eight months, but it has now lost some of its clout. The group was taken down in February, and its influence has been diminishing. In April, its share of attacks plummeted by a whopping 60%.

Of course, there are other cyber gangs ready to step up. Play gained the top spot with 32 attacks (accounting for 14% of all April attacks). This represents a significant move up the ladder since the beginning of this year – it is now a recognizable player in ransomware attacks. Building on double-extortion tactics, Play ransomware exfiltrated data and then encrypted systems. The perpetrators then threatened data exposure to pressure their victims to pay.

Related:Identifying and Mitigating DDoS Attacks

In some ways, target markets have remained largely consistent. For example, industrials again took the top spot, this time with 34%, followed again by consumer cyclicals, this time with 18%. Similarly, North America and Europe continued to dominate the total number of regional ransomware attacks with over 80% of cases.

North America did experience 15 fewer attacks in April, while attacks in Europe decreased by 35% with 42. However, the decline in attacks across continents has led to the proportion of attacks increasing from 53% to 58%.

Global ransomware attacks by month, 2023 – 2024. Credit: NCC Group

Looking elsewhere, NCC Group expects a shift in trends in South America and Africa. While these regions were in fourth and seventh place respectively in April, a recent report stated that developing nations have become a “proving ground” to test the viability of new malware packages and attack methodologies.

The April edition of the NCC Group Threat Intelligence Team’s monthly Threat Pulse report contains a summary of observed ransomware attacks around the globe; an introduction to artificial intelligence, the types of threats AI can pose, and how AI can be used to bolster security teams’ defenses; a threat hunt done in collaboration with NCC’s Security Operations Centre; and finally a threat spotlight on a recently discovered and quickly evolving mobile malware, Vultur.