Spain is the fifth country with the most ransomware threats in 2024
Spain is the fifth most affected country worldwide with a total of 58 ransomware attacks in the first six months of 2024, 23% more than in the same period last year. This is one of the conclusions of the Threat Landscape Report, prepared by S21sec, led by the company's Threat Intelligence team, which analyses the evolution of cybercrime during the first six months of 2024.
According to the study, Spain has risen three places in the ranking of the most affected countries globally. LockBit is the most prominent threat, with a total of 18 attacks, followed by Ransomhub with 8, and Cactus with 5. In first position is the United States with more than 1,000 attacks, followed by the United Kingdom, Germany and Italy, the most affected countries in Europe with 136, 84 and 70 attacks, respectively. In terms of the most affected sectors in the first half of 2024, manufacturing ranked first with a total of 757 attacks, followed by consulting with 263 attacks and, in third place, the services sector with 170.
"Ransomware, which restricts access to the infected operating system and demands a ransom in exchange for removing this limitation, has shown a worrying growth trend over the last two years. In the first half of 2022, 1,466 attacks were recorded, a figure that has increased significantly to 2,175 attacks in the first half of 2024. In addition, the number of new ransomware families has been steadily increasing, showing a clear upward trend," said Lourdes Mora, Team Leader of S21sec's Threat Intelligence team.
Geopolitical conflicts
The geopolitical landscape of 2024 has been marked by the continuation of the armed conflicts between Russia and Ukraine and Israel and Hamas, and cybercriminals have taken advantage of this situation, causing serious repercussions that impact the international community. Both conflicts have transformed cyberspace into a battlefield of its own, where cyber tactics complement conventional military actions, increasing tensions and widening the scope of damage caused.
The war between Russia and Ukraine has been marked by the use of hybrid techniques. Both sides have used hacktivism and cyber-attacks to influence the course of the geopolitical situation. Pro-Russian and pro-Ukrainian hacktivist groups have directed their attacks against states that support their adversaries, targeting government websites, businesses and individuals.
Cyberattacks against critical infrastructures
Ransomware attacks have been particularly prominent among Russian actors, who have executed these attacks against countries sending aid to Ukraine. These threats have increased exponentially and are directed at specific targets in response to specific actions in the war, for example, the dispatch of fighter jets. Moreover, cyber-attacks not only disrupt IT services, but can also have physical repercussions if they target critical infrastructure such as power systems or transport networks.
The conflict between Israel and Hamas has also spilled over into cyberspace since its escalation in October 2023. Hacktivist groups mobilised quickly and nimbly, with pro-Palestinian activity predominating: a total of 70 hacktivist groups, compared to 25 pro-Israeli cybercriminal organisations. These groups are targeting sectors that are key to countries' activity and development, such as the energy sector, causing significant damage. Attacks on sectors such as education or the media are also seriously affecting the social stability of the countries.
"These groups mainly use Telegram channels and Dark Web forums to coordinate their attacks, which aim to cause significant disruption to the economy and regional security. The disparity in the number of hacktivist groups reflects a greater mobilisation in support of the Palestinian cause during the conflict, underscoring the complexity and intensity of the use of cyberspace in this war context," Mora says.