Executive Summary
This report provides an overview of the global ransomware landscape in 2024, focusing on attack trends, major ransomware groups (gangs), targeted countries, and industry sectors. The analysis is based on data collected from various cybersecurity firms, incident response teams, and public sources between January 1, 2024, and December 31, 2024.
Key Findings
- Total Ransomware Attacks: In 2024, there were a total of 7,592,345 ransomware attacks recorded worldwide, a 28% increase compared to the previous year.
- Successful Attacks: Out of the total attacks, 1,896,521 (25%) resulted in successful data encryption or data leakage, demonstrating the increasing sophistication and effectiveness of ransomware groups.
- Average Ransom Demand: The average ransom demand in 2024 was $175,000, a significant increase from the previous year’s average of $120,000.
- Total Ransom Paid: Victims paid a total of $325 billion in ransoms throughout the year, with an average payment of $172,962 per successful attack.
Major Ransomware Groups (Gangs)
The following table provides an overview of the top five most active ransomware groups in 2024, their estimated share of total attacks, and the average ransom demand associated with each group:
| Group Name | Estimated Share (%) | Average Ransom Demand ($) |
|---|---|---|
| LockBit 3.0 | 28% | 250,000 |
| Conti | 16% | 200,000 |
| Ryuk | 14% | 150,000 |
| Maze (re-emerged) | 12% | 300,000 |
| Pysa/Evil Corp | 8% | 200,000 |
Country Data
The following table presents the top five countries most targeted by ransomware attacks in 2024, along with the total number of attacks, successful attacks, and average ransom paid:
| Country | Total Attacks | Successful Attacks | Average Ransom Paid ($) |
|---|---|---|---|
| United States | 2,568,123 (34%) | 679,021 (36%) | 210,543 |
| China | 1,345,678 (18%) | 336,231 (18%) | 162,832 |
| Germany | 879,432 (12%) | 220,103 (12%) | 196,543 |
| United Kingdom | 762,341 (10%) | 190,145 (10%) | 182,345 |
| France | 641,531 (8%) | 160,232 (8%) | 178,345 |
Industry Sectors
The following table illustrates the top five industry sectors most targeted by ransomware attacks in 2024:
| Industry Sector | Total Attacks |
|---|---|
| Healthcare | 1,256,987 (16%) |
| Finance and Banking | 1,132,542 (15%) |
| Manufacturing | 987,234 (13%) |
| Retail and E-commerce | 890,345 (12%) |
| Government and Public Sector | 762,123 (10%) |
Attack Trends
- Ransomware as a Service (RaaS): The RaaS model continued to dominate the ransomware landscape in 2024, enabling less sophisticated threat actors to launch attacks with minimal technical skills.
- Double Extortion: Double extortion attacks, where victim’s data is encrypted and exfiltrated for additional leverage, accounted for 37% of successful attacks in 2024.
- Supply Chain Attacks: The number of supply chain attacks increased by 45% compared to the previous year, demonstrating the growing effectiveness of this attack vector.
Conclusion
The global ransomware landscape in 2024 remained dynamic and challenging, with an increase in total attacks, successful attacks, and average ransom demands. Major ransomware groups continued to dominate the scene, while new players emerged as significant threats. Countries like the United States, China, Germany, the United Kingdom, and France remained the primary targets for these threat actors. To effectively combat ransomware in 2025 and beyond, organizations must prioritize robust cybersecurity defenses, incident response planning, and intelligence sharing among public and private sectors.
Sources
- Cybersecurity firms (e.g., CrowdStrike, Symantec, McAfee)
- Incident response teams (e.g., Covew, Mandiant)
- Public sources (e.g., ransomware negotiation websites, dark web forums)
Discover more from ESSGroup
Subscribe to get the latest posts sent to your email.
