Saturday, January 18, 2025

Geopolitical Tensions Fuel Surge in Ransomware Attacks

In October 2024, ransomware attacks surged by 19%, hitting a total of 468 incidents globally. A large chunk of these occurred in the United States, coinciding with the controversial presidential election that seemed to motivate Russian-speaking threat actors. Matt Hull, head of threat intelligence at NCC Group, pointed out that the days leading up to the November 5 poll saw a sharp increase in cyber threats.

Nation states like Russia clearly impact the landscape of cyber attacks, especially during major geopolitical events. Hull noted that as nation states and organized crime groups start collaborating, it’s vital for businesses to maintain solid security practices, especially in password management and multi-factor authentication.

Looking at the numbers, North America, including Canada and Mexico, experienced 272 of these ransomware incidents, about 56% of the total. Europe saw 97 attacks, making up 20%. Together, these two regions accounted for over three-quarters of all attacks last month.

One significant incident involved the Japanese electronics company Casio. A remote code execution vulnerability in Microsoft Office likely allowed Russian cyber crime group Storm-0978 to launch a double extortion attack. The attack not only targeted employee and partner data but also led to service disruptions.

The timing of this attack seems connected to rising tensions between Russia and Japan. With Japan strengthening its military ties with NATO and recent joint exercises with the U.S., Russia’s response through cyber attacks could be seen as a form of pressure. The report emphasizes how these cyber threats combine both strategic and financial motives.

On the ransomware operators’ front, RansomHub led the pack in October with 68 attacks, although that’s slightly down from the previous month. Play followed with about 55 attacks, and other notable groups included Killsec and Sarcoma.

The industrial sector remained the prime target, making up 30% of the attacks, while retail and healthcare also faced significant threats. Hull pointed out that attackers are increasingly focusing on high-value targets, especially organizations that are critical to national infrastructure, which can lead to maximum disruption and impact.