SK shieldus announced on the 27th that it has published the KARA (Korean Anti Ransomware Alliance) ransomware trend report for the fourth quarter of 2024.
KARA is a private ransomware response council led by SK shieldus. It consists of a total of seven corporations, including Trend Micro, Genians, Mandiant, Veritas, Carrot Insurance, and the law firm HwaWoo.
According to the report, the total ransomware incidents in the fourth quarter of 2024 reached 1,899, marking a 44% increase compared to the previous quarter (1,318 incidents). It also rose 38% compared to the same period last year. Amid active attacks from major ransomware groups, the "RansomHub" group recorded the highest number of incidents in the fourth quarter, causing 240 incidents. Additionally, the "Akira" group has been confirmed to disseminate ransomware by exploiting vulnerabilities in backup solutions.
Looking at the damage situation by industry, the manufacturing sector (421 incidents), retail/trade/transportation (197 incidents), and IT/telecommunications (189 incidents) were the main targets. There is also a growing trend of attacks targeting social infrastructure such as medical institutions and airports. In particular, the healthcare industry is emerging as a new target. The company advised that healthcare companies often have sensitive patient data but frequently lack robust security infrastructure, making extra caution necessary.
In fact, more than 1,500 patient records were leaked at a healthcare facility in Texas, and a Mexican airport operator suffered a breach of data amounting to 3TB (terabytes).
Recently, new ransomware groups such as "FunkSec," "Sarcoma," and "SafePay" have emerged, diversifying cyber attack methods. They are using more advanced techniques, including ▲ customized attacks using generative AI ▲ data theft through phishing websites ▲ attacks targeting multiple operating systems ▲ and exploiting leaked source code.