In 2024, the landscape of ransomware attacks will continue to evolve, drawing from past trends while adapting to new defences and technologies. This blog will look into how ransomware is changing in 2024.
A Big Year for Ransomware in 2023
2023 was marked by a significant uptick in ransomware activities, with some reports considering it one of the most successful years for ransomware groups in history.
According to Check Point, 10% of organisations worldwide were targeted by an attempted ransomware attack in 2023, up from a total of 7% recorded in 2022.
The number of ransomware victims increased 55.5% over the previous year. The fourth quarter of 2023 alone documented 1,154 ransomware incidents globally, underscoring the severity of the threat.
Industry-Specific Targets and Costs
Ransomware does not discriminate, hitting various sectors from education to healthcare, finance, and government. Notably, the education sector emerged as one of the most targeted by ransomware attacks, with higher education institutions reporting significant impacts on business and revenue. The healthcare sector also felt the brunt, with attacks targeting hospitals and secondary institutions like dental services and nursing homes.
Financially, the consequences of ransomware attacks are staggering. The median ransomware demand in 2023 was $650,000. It was also the first time ransomware payments surpassed the $1 billion mark, the highest number ever seen. Yet this financial burden is only part of the picture. The operational disruptions and damage to reputations can be far more costly in the long run.
2024 Predictions and Evolutions
AI and Ransomware
Looking ahead, ransomware is expected to continue evolving. Attack methods are predicted to exploit cloud and VPN infrastructures more aggressively. The sophistication of these attacks is anticipated to increase, partly due to the potential misuse of generative AI technologies. These advancements could lead to more advanced phishing campaigns and ransomware exploitation, presenting new challenges for cyber security defences.
At the end of January 2024, the NCSC issued a warning over the threat posed by AI and its use in ransomware. The report indicates that AI technology is set to lower the threshold for entry into cybercrime, enabling even those with minimal skills, such as hackers-for-hire and hacktivists, to execute more sophisticated access and data collection efforts. This democratisation of advanced techniques, bolstered by AI's capacity to refine victim targeting, is expected to amplify the global ransomware threat over the next two years.
Ransomware and Zero-Days
The use of zero-day vulnerabilities by ransomware groups like CL0P, which significantly impacted the landscape in 2023, is expected to trigger a shift in ransomware strategies towards a more aggressive, vulnerability-focused model. This could potentially increase the number of victims exponentially if more groups start adopting similar exploitation techniques.
Prominent Ransomware Gangs in 2024
As the ransomware landscape continues to evolve, so do the groups behind these malicious campaigns. Here are just some of the gangs active in 2024:
LockBit was a dominant force before law enforcement from 10 countries disrupted the criminal operation of the group at every level, severely damaging their capability and credibility. Despite law enforcement claiming that the group was disrupted, it appears it was only a temporary reprieve, as the group quickly reemerged with a new leak site that listed dozens of new victims.
CL0P has leveraged zero-day vulnerabilities, notably in the MOVEit breach, demonstrating their capability to exploit security gaps. It has exploited thousands of organisations, with the true scale of the impact still unknown.
PLAY Group emerged rapidly, targeting a wide range of organisations and underscoring the dynamic nature of ransomware threats. Play ransomware actors employ a double-extortion model, encrypting systems after exfiltrating data. Ransom notes do not include an initial ransom demand or payment instructions; rather, victims are instructed to contact the threat actors via email.
Akira emerged in 2023 and was one of the most ‘successful’ gangs of the year. From its initial attacks, Akira emerged as a formidable ransomware threat in the cyber security landscape for small to medium-sized businesses, posting hundreds of alleged victims on its data leak site.
Mitigation and Protection Strategies
To combat the threat of ransomware, a multilayered approach to IT security is essential. This includes maintaining a defence-in-depth security program, employing advanced protection technologies, educating employees about the risks of social engineering, patching regularly, backing up critical data frequently, and preparing for ransomware attacks through tabletop exercises.
To enhance organisational security against ransomware and other cyber threats, consider implementing the following practical strategies:
- Robust Data Backup: Regular, secure backups of critical data can nullify the leverage ransomware attackers have by ensuring access to data is maintained, even in the event of an attack.
- Cyber Awareness Training: Educate employees on identifying phishing attempts, a common ransomware delivery method. Training should cover recognising suspicious email features and the importance of not clicking on unknown links or attachments.
- Up-to-Date Patches: Apply security patches promptly to close vulnerabilities that could be exploited by ransomware. Ensure all software and systems are regularly updated.
- Strengthening User Authentication: Implement strong password policies and multi-factor authentication (MFA) to protect against unauthorised access. Educate staff on the risks of phishing attacks aimed at stealing credentials.
- Anti-Ransomware Solutions: Deploy solutions specifically designed to detect and prevent ransomware by monitoring for suspicious behaviours indicative of an attack, stopping it before it can encrypt files.
- Utilise Better Threat Prevention: Incorporate automated threat detection and prevention systems, including email and file activity monitoring, to identify and block potential ransomware attacks early. Leveraging AI in cyber security enhances these efforts by providing advanced detection capabilities and augmenting human expertise.
With ransomware groups becoming more sophisticated and targeting a broader range of industries, robust cyber security measures have never been more important.