Global ransomware attacks drop in June as law enforcement intensifies

In June 2024, global ransomware attacks dipped below this year's average for the first time since January, with a total of 331 attacks reported in the month, according to the latest figures from NCC Group's June Threat Pulse.

Compared to previous months in 2024, this reduction indicates a possible shift in tactics amongst major players, potentially driven by increased global law enforcement pressures aimed at curbing ransomware activities.

A notable highlight from the data is the decline in activity from the LockBit 3.0 ransomware group. In June, this group recorded merely 11 attacks, a significant drop from its usual activity levels. This decline is attributed to ongoing efforts by law enforcement to dismantle the group.

Meanwhile, Play emerged as the leading threat actor in June, with a total of 35 attacks. Following Play, RansomHub executed 27 attacks. According to reports from Microsoft, cybercrime group Octo Tempest, also known as Scatter Spider, has incorporated RansomHub and Qilin into its cyber arsenal. Akira RaaS was responsible for 20 attacks, while Cactus carried out 18 attacks in the same month. The activity levels of other threat actors such as Medusa and BlackSuit remained consistent with previous months.

Geographically, North America remained the most targeted region, experiencing 52% of the global attacks, totalling 173 incidents. Europe was the second-most targeted region, accounting for 27% of the attacks (90 incidents). Asia experienced 27 attacks, making up 11% of the total.

Regarding sectors, Industrials continued to be the most targeted, constituting 32% of attacks in June. This was closely followed by the Technology sector, which faced 50 attacks, and the Consumer Cyclicals sector with 46 attacks. The Government sector recorded 10 attacks, a reduction from previous months. This decline in attacks on the Government sector may be linked to the recent Operation Cronus crackdown on LockBit 3.0, which had previously been prevalent in targeting governmental entities.

Matt Hull, Global Head of Threat Intelligence at NCC Group, provided his perspective on the report's findings. "Overall, June's ransomware landscape was characterised by ongoing shifts, with LockBit 3.0's steep decline, and Play remaining a formidable force in the threat landscape," he stated.

"The cyber threat landscape in the first half of 2024 has been marked by a series of significant events that have had a profound impact on global cybersecurity. We have seen major cyber incidents that have disrupted businesses, healthcare systems, and critical infrastructure across North America, Europe, and the Asia Pacific region," Hull continued.

"These incidents have ranged from data breaches to aggressive ransomware attacks, highlighting the evolving nature of cyber threats and the increasing capabilities of cyber adversaries. Equally, we’ve seen how external pressures on ransomware operations can significantly disrupt even the most prolific threat actors. These changes underscore how cybersecurity resilience must persist as a key priority for organisations across all industries."