SAN FRANCISCO – 26th February 2025 – BlackFog, the leader in ransomware prevention and anti data exfiltration (ADX), today unveiled its 2024 State of Ransomware Report, a detailed analysis of ransomware activity from publicly disclosed and non-disclosed attacks globally.
The findings reveal ransomware attacks reached record levels throughout 2024. New groups, new variants and the volume in which they appeared during the year highlight why ransomware is one of the most pressing cybersecurity challenges for organizations worldwide.
Key Findings for 2024:
LockBit and RansomHub dominated variantsÂ
- LockBit, one of the most prominent ransomware gangs in recent years, remained the most active ransomware variant through 2024 affecting 603 victims. May was the busiest month, with nearly 200 attacks launched, accounting for 36% of all attacks that month. This surge followed news of the gang’s disbandment after its leader was unmasked earlier in the year.
- RansomHub, a newcomer to the scene in February 2024, was in second place, affecting 586 victims, including high-profile attacks on government entities and 78 victims in the global manufacturing sector. Although these industries have been heavily targeted, this group poses a significant threat to all organizations across the spectrum, with victims ranging from SMEs to large global corporations.
- In third place, the leading players varied by category. For disclosed incidents, financially motivated group Medusa accounted for 5%, with ransom demands by the group exceeding $40M. Play ransomware attacks made up 7% of undisclosed incidents with a total of 342.
Newcomers made an impactÂ
There was a huge increase in new variants compared with 2023, further evidence that organizations must remain vigilant and continue to adapt their cybersecurity measures. Across the year, 48 new groups emerged, a huge 65% increase from the number of new variants from the previous year.
A significant number of these – 44 new variants – were responsible for nearly a third, 32%, of all undisclosed attacks in 2024. In November and December, gangs that debuted in 2024 accounted for more than 50% of the attacks in each month.
Healthcare, Government, and Education are most targeted sectors
In terms of disclosed attacks, healthcare, government, and education accounted for 47% of all 2024’s ransomware news headlines. Healthcare saw a 20% increase over the previous year, government experienced a 15% increase, while attacks on the education sector experienced a decrease of 10%.  Â
Rate of data exfiltration reaches all time high
Extortion continued to be the primary tactic employed in 2024, as evidenced by the alarming surge in data exfiltration which reached an unprecedented high of 94%. Data exfiltration has become a central component of ransomware, with attackers increasingly combining data encryption with data theft and threatening to publish or sell sensitive information if ransoms are not paid. The stolen data often includes personally identifiable information, (PII) or intellectual property, which can be sold on the dark web.
“The report shows 2024 was a landmark year with organizations facing growing financial and reputational damage from ransomware attacks, with high-value sectors particularly pressured to pay ransoms to restore operations,” said Dr. Darren Williams, Founder and CEO of BlackFog. “As cybercriminals continuously refine their techniques to exploit vulnerabilities and launch large-scale attacks, defending against ransomware is becoming increasingly complex. Governments are stepping up efforts to counter this growing threat, introducing new measures such as mandatory ransomware incident reporting. However, the global ransomware crisis continues to escalate at an alarming rate. In this evolving threat landscape, proactive and preventative strategies to mitigate ransomware and data exfiltration have never been more crucial.”
2024 also saw significant sector rises in disclosed attacks for:
- Retail – a rise of 96% YoY
- Services – a rise of 88% YoY
- Finance – a rise of 66% YoY
- Critical Infrastructure remained a key target with 103 gas, electrical, or other energy companies were attacked.
The top three sectors for undisclosed attacks were: manufacturing (17.6%), services (12.2%) and technology (9.7%).
For a detailed look into the findings, download BlackFog’s 2024 State of Ransomware Report here.
MethodologyÂ
This report was generated in part from data collected by BlackFog Enterprise over the specific report period January – December 2024. It highlights significant events that prevented or reduced the risk of ransomware or a data breach and provides insights into global trends for benchmarking purposes. This report contains anonymized information about data movement across hundreds of organizations and should be used to assess risk associated with cybercrime.Â
Industry classifications are based upon the ICB classification for Supersector used by the York Stock Exchange (NYSE).Â
All recorded events are based upon data exfiltration from the device endpoint across all major platforms.
About BlackFog
Founded in 2015, BlackFog is a global AI based cybersecurity company that has pioneered on-device anti data exfiltration (ADX) technology to protect organizations from ransomware and data loss. With more than 94% of all attacks involving some form of data exfiltration, preventing this has become critical in the fight against extortion, the loss of customer data and trade secrets.
BlackFog recently won the “Best Threat Intelligence Technology” in the 2024 Teiss Awards, “AI-based Cybersecurity Innovation of the Year” award in the CyberSecurity Breakthrough Awards, as well as the 2024 Fortress Data Protection award for its pioneering ADX technology. BlackFog also won Gold at the Globee awards in 2024 for best Data Loss Prevention and the State of Ransomware report which recognizes outstanding contributions in securing the digital landscape.
Trusted by hundreds of organizations all over the world, BlackFog is redefining modern cybersecurity practices. For more information visit blackfog.com
Media Contact:
Related Posts
2024 State of Ransomware Annual Report
BlackFog’s 2024 State of Ransomware Annual Report reveals record-high attacks, new variants and rising threats. Download full report for key insights.
BlackFog’s 2024 State of Ransomware Report Reveals Record-Breaking Year For Attacks
BlackFog’s 2024 State of Ransomware Report reveals record attacks, 48 new variants, and 94% data exfiltration. Download now for key insights.
What is RCE Exploit? Understanding Remote Code Execution
Learn what RCE (remote code execution) exploits are, their risks, and how to prevent them. Discover strategies to secure your systems against malicious code execution in this article.
How to Prevent Ransomware from Affecting Your Network
Ransomware is set to be one of the biggest threats to businesses in 2025. What should firms keep in mind to prevent ransomware from affecting network assets?
The Value of a vCISO in Healthcare Cybersecurity
Discover how a vCISO helps healthcare organizations defend against cyber threats, ensure compliance, and enhance data security cost-effectively.
BlackFog Launches World’s First Anti Data Exfiltration Solution for macOS to Combat Ransomware
BlackFog launches the world’s first anti data exfiltration solution for macOS, preventing ransomware and data breaches with AI-powered security.