Thursday, January 30, 2025

Funksec Gang Intensified Ransomware Attacks in December

December 2024 shattered records for ransomware attacks, according to the cybersecurity firm NCC Group. They reported 574 confirmed incidents for the month, with a new player in the game, Funksec, responsible for over 100 of those attacks.

This was the highest number of attacks NCC has recorded since launching their Threat Pulse index in 2021, surpassing November 2024’s count of 565 and far exceeding December 2023’s total of 387. The industrial sector seemed to take the hardest hit, while North America and Europe stood out as the most targeted regions.

“Usually, December is a quieter month for ransomware, but last month turned that trend upside down,” said Ian Usher, associate director of NCC. He emphasized the need for organizations to stay alert. “No one is safe, and companies must strengthen their cybersecurity defenses. It’s essential that teams are trained and ready to adapt as ransomware threats evolve.”

NCC pointed to several reasons behind the surge in attack volumes, with familiar culprits like poor security practices and awareness at play. New technologies, including artificial intelligence, might also be influencing these attacks. While there’s no concrete evidence linking AI to December’s incidents, experts have warned that criminals could be using these tools to gather information, identify targets, and enhance phishing attempts.

Funksec appears to be a significant factor in this rise. Analysts at Check Point noted the gang might be utilizing AI to boost its operations. In just one month, NCC confirmed 103 attacks linked to Funksec, while Check Point reported 85. This far exceeded other groups like Clop/Cl0p, which had 68, Akira with 43, and RansomHub with 41.

Funksec employs double extortion tactics, targeting victims in several countries, including France, India, Thailand, and the United States, and in diverse industries such as government, healthcare, and technology. However, Check Point raised concerns about Funksec’s credibility, pointing out that many of its claims seemed recycled or unverified. Check Point’s research indicated possible links to Algeria, suggesting a mix of financial and hacktivist motivations.

NCC stated that despite the uncertainties, Funksec is a versatile threat worth monitoring as we move into 2025. Usher cautioned, “New and aggressive actors like Funksec are emerging, indicating a more turbulent threat landscape ahead. If ransomware groups are getting bolder and smarter, we should expect more frequent attacks across all sectors.”

Looking back at 2024, it’s clear this was a standout year for ransomware. Analysts from ZeroFox reported 4,950 incidents, an increase from around 4,000 in 2023. This count primarily reflects cases where victims did not pay or were still negotiating, meaning the true number was likely much higher.

ZeroFox tracked the emergence of 45 new ransomware gangs in 2024. Many of these groups established themselves quickly and posed a genuine threat to businesses, reflecting a shift in the landscape. Factors contributing to this increase include law enforcement actions that have freed up individuals formerly tied to gangs like LockBit, as well as the professionalization of underground cybercrime markets.

Among these rising threats, RansomHub stood out, skyrocketing from five attacks in February to 97 in November. This gang accounted for about 10% of all observed incidents, with 216 attacks reported in the last quarter alone. It demonstrated technical skill and quickly adapted its tools to counter detection efforts, collaborating with affiliate operatives along the way.