01Threat Actor Distribution
- Funksec accounted for 87 victims, representing 16.3% of total activity.
- RansomHub followed with 57 disclosures.
- Akira and Kill Security remained consistently active.
02Geographic Distribution
- USA represented 45.6% of all tracked victims.
- Others was among the next most impacted countries.
- Canada and India also saw notable activity.
03Industry Distribution
- Manufacturing remained the most targeted sector.
- Professional, Scientific, and Technical Services followed as a heavily impacted sector.
- Wholesale Trade and Information continued to be operationally critical targets.
04Threat Actor × Country Matrix
The matrix below shows how leading ransomware groups distributed their activity geographically.
Others
Kill Security
Akira
Play
Fog
Black Basta
Qilin
Lynx
Hunters
RansomHub
Funksec
USA
88
24
32
14
14
7
7
11
6
30
11
Canada
10
5
3
1
3
1
1
1
1
1
India
5
1
14
Brazil
9
2
4
2
2
Germany
4
1
2
4
1
Italy
4
1
3
3
1
2
Spain
4
3
2
1
2
UK
4
1
2
2
1
1
France
5
1
1
1
Australia
3
2
1
1
1
2
Singapore
6
2
2
Argentina
1
2
1
2
Mexico
3
1
1
1
Poland
2
1
1
1
UAE
5
Others
56
4
2
4
2
2
5
2
7
13
40
- USA activity was heavily concentrated in Others.
- Some actors demonstrated narrow targeting patterns.
05Threat Actor × Industry Matrix
This view highlights sector specialization across leading ransomware groups.
Others
Kill Security
Qilin
Lynx
Fog
Play
Hunters
Black Basta
RansomHub
Funksec
Professional, Scientific, and Technical Services
29
1
3
4
6
6
2
3
8
9
Manufacturing
35
1
2
5
4
5
3
9
11
2
Health Care and Social Assistance
22
2
1
5
2
Wholesale Trade
10
6
2
2
1
3
5
Construction
11
1
1
1
1
2
1
2
5
2
Retail Trade
7
2
1
3
2
1
2
9
Administrative and Support and Waste Management and Remediation Services
7
1
1
2
2
1
Educational Services
10
1
3
1
3
6
Information
8
2
1
2
2
2
21
Transportation and Warehousing
5
1
1
2
1
Finance and Insurance
18
6
2
1
1
1
1
2
7
Other Services (except Public Administration)
26
1
1
1
5
5
Public Administration
7
2
13
Accommodation and Food Services
1
1
1
1
Management of Companies and Enterprises
1
1
2
Mining
2
1
1
2
Real Estate Rental and Leasing
4
2
2
1
2
2
Arts, Entertainment, and Recreation
1
3
1
1
1
1
Utilities
1
1
1
Agriculture, Forestry, Fishing and Hunting
2
2
- Manufacturing activity was heavily concentrated in Others.
- Some actors demonstrated narrow targeting patterns.
06Six Month Trend Context
07Key Takeaways
- 534 ransomware disclosures were observed in December 2024.
- Funksec led activity with 87 victims.
- USA accounted for 45.6% of disclosures.
- Manufacturing remained the most targeted industry.
08Data Methodology and Sources
- Victim counts are based on publicly disclosed ransomware leak site postings tracked during the reporting period.
- Each victim is attributed to a single threat actor based on disclosure source.
- Industry classification is assigned using standardized sector mapping.
- Country attribution is based on headquarters location where identifiable.