India witnessed a dramatic increase in the number of ransomware attacks in the fourth quarter of 2024. While the whole year witnessed 99 ransomware incidents in the country, the fourth quarter registered 44, or 50 per cent of its total annual ransomware attacks.

A total of 5,414 ransomware attacks were published worldwide in 2024, an 11 per cent rise over 2023. Though the first quarter saw a decrease in activity, attacks steadily increased, ending in a significant surge during the fourth quarter, which accounted for 1,827 incidents, or 33 per cent of all attacks for the year, according to Check Point’s Ransomware Report 2024.

The top 10 most targeted countries in 2024 remain nearly unchanged from 2023 with India replacing the Netherlands in the tenth position.

The second half of 2024 saw 46 per cent more incidents than the first half and 17 per cent more than the second half of 2023, reflecting a sharp surge in ransomware activity during this period. This can be attributed to the significant jump in new professional groups potentially formed from experienced affiliates of legacy groups.

The year also brought significant developments, including law enforcement actions targeting large ransomware operations like LockBit in February 2024, resulting in arrests, identity revelations of group leaders, and the seizure of cybercriminal infrastructure.

“The crackdown on major ransomware groups led to their fragmentation, fostering increased competition among smaller ransomware gangs and enabling other threat actors to gain Prominence,” the report said.

This shift is evident in the rise of 95 active ransomware groups in 2024, a 40 per cent increase from the 68 groups active in 2023.

Among the 46 new groups that emerged, RansomHub stood out as a dominant force, even surpassing the well-established LockBit in activity.

These new entrants, such as FOG, Lynx, APT73, and Eldorado, have reshaped the threat landscape, accounting for a growing share of ransomware incidents. The top 10 groups were responsible for 52.8 per cent of attacks.

The United States remained the most targeted country in the fourth quarter, experiencing 936 ransomware attacks within its borders. India, this quarter accounted for over 50 per cent of the ransomware activity recorded throughout the entire year.

Top 10 Targeted Industries

The business services sector maintained its position as the most targeted industry in the fourth quarter of 2024, with 451 recorded attacks. This is followed by retail (279 attacks); manufacturing (201); construction (107); finance (85) healthcare (78); and education with 77 attacks.

The rise of Ransomware-as-a-Service (RaaS) is anticipated to further lower entry barriers for new actors in the ransomware ecosystem, leading to a surge in new groups and more diversified attack strategies.

The focus on double and triple extortion models will grow, with threat actors increasingly employing data theft, public shaming, and persistent denial-of-service (DDoS) tactics to amplify ransom demands. Additionally, the abuse of cloud-based tools for exfiltration, as seen in 2024, will likely continue as threat actors exploit organizations’ increasing reliance on cloud infrastructure.

Published on March 18, 2025