Global ransomware attacks surged in November 2024, with Critical National Infrastructure (CNI) organizations facing increasing threats as cybercriminals adapt their tactics.
According to NCC Group’s November Threat Pulse, ransomware attacks have hit new highs, increasing both month-on-month and year-on-year. The report recorded 565 attacks globally in November 2024, up from 486 in October and 438 in November 2023. This relentless rise highlights the growing sophistication and persistence of threat actors, with the industrial sector and CNI organizations being particularly vulnerable.
The Escalating Threat Landscape
The industrial sector remains the primary target for ransomware, accounting for 33% of all attacks globally. These organizations, integral to Critical National Infrastructure (CNI), face escalating risks due to their strategic importance and the cascading consequences of operational disruptions. Cybercriminals, often blurring the lines between traditional hacking groups and state-sponsored entities, continue to exploit geopolitical tensions to refine their tactics.
Matt Hull, head of Threat Intelligence at NCC Group, underscores the severity of this trend. “The relentless activity of cyber threat actors has almost become commonplace. Collaboration between threat groups and the overlap of criminal and state-sponsored motives make the threat landscape increasingly dynamic and harder to predict.”
The November report also highlighted significant regional disparities. North America, with 326 recorded attacks, accounted for 58% of all incidents—a marked increase from October’s 272 attacks. Europe followed with 114 attacks, driven by espionage activity targeting its energy sector. Asia experienced a slight decline in attacks, while South America and Africa both saw notable increases.
Key Players and Their Impact
The ransomware threat landscape is dominated by several key actors, with Akira leading November’s activity with 87 recorded attacks. RansomHub, which previously held the top spot, ranked second with 80 attacks, followed by ElDorado and Killsec.
Of particular concern is the Russian-linked threat group Sandworm, known for its sustained espionage activity across North America and Europe. Sandworm’s focus on energy infrastructure underscores the broader geopolitical context driving ransomware campaigns, particularly those targeting critical industries.
The Consumer Discretionary sector, including industries such as retail and entertainment, recorded 119 attacks, while the Information Technology sector faced 72 attacks, highlighting the pervasive reach of ransomware across multiple sectors.
Staying Ahead of the Threat
The continued rise in ransomware attacks demands a proactive and comprehensive approach from organizations. With the holiday season typically accompanied by a surge in phishing and scam attempts, businesses must remain vigilant. Threat actors often capitalize on human error and seasonal distractions to launch their campaigns, making awareness and preparedness critical.
Key defensive strategies include robust endpoint protection, real-time threat monitoring, and regular employee training to identify and mitigate phishing attempts. For organizations in high-risk sectors, such as CNI, collaboration with industry peers and government agencies can bolster defenses against sophisticated, targeted attacks.
As ransomware evolves, the emphasis must shift from reactive measures to anticipatory strategies. Cyber resilience—built on robust cybersecurity frameworks, real-time intelligence sharing, and adaptive defenses—offers the best chance of mitigating the impact of increasingly coordinated and dynamic threats.
The 2024 threat landscape serves as a stark reminder that ransomware isn’t just a technical issue; it’s a business continuity and national security concern. Organizations must treat it as such, investing in both technology and education to protect against this ever-present danger.
