Dive Brief:
- Global ransomware levels soared 50% in February compared with the prior month, driven mainly by attacks from the cybercriminal operation known as Clop, cybersecurity firm NCC Group said Wednesday in a report.
- February attacks reached an all-time monthly high of 886, up from 590 in January, NCC said, adding that nearly 40% of the incidents can be attributed to Clop activities. The increase follows Clop’s recent exploitation of vulnerabilities in software made by Cleo Communications, NCC noted.
- “The spike in overall attack numbers is, therefore, likely inflated due to the bulk release of victims breached in previous months,” the report said. As such, the latest numbers “should be considered carefully where representing the overall threat landscape,” it said.
Dive Insight:
Recent reports on the state of the ransomware threat landscape have been mixed.
A February study by blockchain analysis firm Chainalysis said ransom payments in 2024 decreased year-over-year by approximately 35%, driven by increased law enforcement actions, improved international collaboration, and a growing refusal by victims to pay. Ransomware attackers received about $813.55 million in payments from victims last year compared with the record-setting level of $1.25 billion in 2023, the research found.
However, earlier this month, The Travelers Companies, an insurer, published findings indicating that ransomware remains a significant threat. The fourth quarter of 2024 experienced the highest level of ransomware activity recorded in any prior quarter, with a total of 1,663 known victims posted on leak sites, according to that research. In addition, 55 new ransomware groups emerged last year — a 67% increase in group formation compared with 2023, the Travelers report said.
“A reasonable conclusion from the simultaneous increase in attacks and drop in revenue is that more organizations are better equipped to stand up to attackers by refusing to pay and accepting the consequences,” the report said. “While this marks progress of a sort in blunting financial losses from ransomware, it unfortunately does not mean an end to the costs of business disruption, IT system restoration, litigation and regulatory fines for exposed records.”
NCC, in its latest update, said ransomware is on the rise even though law enforcement operations have continued to mitigate the threat landscape by disrupting cybercriminal networks.
Organizations “must remain vigilant as they continue to face risks due to the adaptability of these groups against external pressures,” the cybersecurity firm warned.
