The recent report published by the Israel National Cyber Directorate on cybercrime in Israel reveals that in 2024, more than 300 ransomware attacks were documented in the country—most likely carried out by cybercriminals. However, the actual number is estimated to be significantly higher, as many incidents likely went unreported.
An analysis of the main sectors targeted by ransomware attacks shows that law firms and accounting offices are the most preferred targets for cybercriminals, followed by dental clinics and businesses in the hotel and hospitality industry. Other sectors reported this year include logistics companies, garages, and manufacturing plants.
The most common types of ransomware malware observed in Israel include: Phobos, STOP/DJVU, and variants based on the LockBit Builder.
“Small and medium-sized businesses continue to be a primary target for cybercriminals due to weak cyber defenses and a lack of regulatory oversight,” explains Sophie Sterik, a threat researcher at the National Cyber Directorate. “A proper and up-to-date backup is not a luxury—it’s a basic condition for business survival. Alongside cybersecurity tools, employee training, and identity and access management, a separate and offline backup is the safest way to recover quickly in the event of an attack. It’s the last—and sometimes only—line of defense.”
The report also states that 6,133 organizations worldwide were affected by ransomware attacks in the past year—a 15% increase compared to the previous year. The number of global infections by infostealer malware reached 39,119,905 in 2024, with stolen data often sold for relatively low prices on the darknet. In Israel, for example, 52,913 infostealer infections were identified on various endpoints.
The most common infostealer malware types in 2024 include: RedLine, Generic Stealer, Lumma, Raccoon, and StealC.
Cyber attackers’ activities in the past year have been marked by a desire to achieve maximum impact with minimal effort. The INCD identified several cases in which attackers used previously leaked data and presented it as new data leaks, allowing attack groups to claim credit for attacks they didn’t actually carry out and gain exposure—while damaging the reputation of the supposedly “breached” organizations.
According to the report,
“Law enforcement agencies around the world have shifted their approach to handling cybercriminals—focusing less on catching individual offenders and more on dismantling infrastructure and systems that enable criminal operations, while examining the broader network connections between offenders. The goal is to disrupt operations over the long term, thereby making cybercrime less profitable.”
Looking ahead to 2025, the INCD forecasts include:
- Advanced use of AI to enhance attack tactics
- A rise in low-cost, high-impact attacks
- Attacks leveraging leaked personal information
- Exploitation of zero-day vulnerabilities
- Increased AI-driven phishing and social engineering attacks
On the defense side, greater cooperation between law enforcement and the private sector is expected.
