Ransomware Attacks Drop as Global Law Enforcement Clamps Down

Ransomware attacks around the world may be declining. That’s the glimmer of hope in the Monthly Threat Pulse report for June 2024 from international security consulting firm NCC Group. The report revealed that the average number of attacks fell for the first time since January. Specifically, 331 attacks were recorded during June, marking a drop from earlier months in 2024. 

The cyber threat landscape is frequently viewed through the lens of the most significant and high-profile attacks on industries or specific organizations. The first six months of 2024 had plenty of those, and they certainly deserve the attention. However, the daily battles happening behind the scenes – which don’t get the same level of scrutiny, likely have a greater long-term impact than a single devastating attack and recovery. 

For example, there’s been a drop in ransomware attacks for the first time since January. While this is one trend of many, and there are typically varied reasons behind any rise or fall, at least one of the causes this time is clear: International law enforcement organizations are getting more aggressive and collaborative.

Source: NCC Group

The June 2024 Monthly Threat Pulse from NCC Group highlights that in recent months, powerful entities like the U.S. Federal Bureau of Investigation (FBI) and the UK’s National Crime Agency have identified and apprehended several major players in the cybercriminal world. As part of these efforts, authorities captured vital assets of the very active organization LockBit and arrested its leaders. As a result, LockBit 3.0 accounted for only 11 attacks recorded in June, a significant fall by any measure. It’s also likely that the long arm of the law working so effectively likely caused other criminal groups to back off somewhat. 

Related:Cybersecurity in 2024: Top Stories (So Far)

While the drop in attacks is indeed good news, it would help to keep an eye on other indicators. For example, there’s an apparent shift in priorities regarding targeted industries. To be clear, Industrials still holds the top spot with nearly a third of all attacks, while technology and consumer cyclicals are not far behind. However, the public sector saw only 10 attacks in June. It's uncertain if this is a side effect of the heavy law enforcement activity, but it's possible. 

And of course, while some things change, others don’t – North America is still the most targeted region, with a little more than half of all ransomware attacks worldwide, while Europe is far behind with 27%. 

NCC Group’s global threat intelligence team actively monitors data leak sites used by each ransomware group, scrapes victim details as they are released, records the data, and classifies victims by sector, deriving additional insights. NCC Group is now using a new data source for monthly data collection and will align its categorization with the Global Industry Classification Standard.

Related:What To Look for in a Network Detection and Response (NDR) Product