
Ransomware Surge in 2024

Cyber security 08/21/2024 - 15:01 by Lakshmi Narayanan

2024 has seen a drastic rise in ransomware attacks, with an alarming increase in both their frequency and their sophistication. Building on the already high levels of ransomware activity in 2023, this year has marked a significant escalation. The surge in data breaches and the proliferation of ransomware leak sites show the damage these operations cause.

Key Ransomware Trends in 2024

  • Over 2,500 ransomware attacks have been reported in the first half of 2024, an average of more than 14 publicly disclosed attacks per day. These figures are based solely on data from monitored leak sites; the actual number of attacks may be much higher, as numerous incidents went unreported.
  • Rise in ransomware leak site activity: Posting of stolen data on leak sites has grown from an average of 24 per month in H1 2023 to 40 per month in H1 2024. This growth is largely driven by the shift towards double extortion tactics, where cybercriminals not only encrypt data but also exfiltrate it for added leverage.

Shift in Ransomware Targeting

  • Focus on Small to Midsize Businesses: There is a noticeable trend of ransomware attacks targeting small to midsize companies, particularly those with around $5 million in annual revenue. These businesses are increasingly vulnerable due to weaker cybersecurity defenses and the availability of network access through underground forums.
  • Fluctuating Activity of Major Ransomware Groups:
    1. The LockBit ransomware group experienced a sudden decline in activity in June 2024, coinciding with the FBI's seizure of 7,000 decryption keys. This disruption, coupled with rumors of internal conflicts, may have affected the group's operations.
    2. The emergence of the RansomHub ransomware group and the concurrent disappearance of the AlphV (BlackCat) group have raised questions about possible connections. While there are similarities in their ransomware code, more evidence is necessary to confirm a clear association.

Notable Ransomware Observations

  • Dark Angels Group's High-Value Targets: Despite their involvement in a $75 million ransom attack, the Dark Angels group is absent from the list of most active ransomware actors. Their focus on targeted, high-value attacks rather than widespread operations has limited their visibility in volume-based reports.
  • Technical Analysis of Ransomware Code: The Technical Analysis report uses advanced techniques, such as the Jaccard similarity coefficient and the Machoc Hash, to analyze connections between different ransomware families. While these analyses suggest possible links, they are not yet definitive.
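
To illustrate why such scores suggest a link without proving one, here is an added example (not code from the report or from this article): a simplified Machoc-style control-flow hash per function, with a Jaccard score over two samples' hash sets. The control-flow graphs, the family names and the SHA-256 stand-in for MurmurHash3 are assumptions constructed for illustration.

```python
import hashlib

def machoc_style_hash(cfg):
    """Hash a function by control-flow shape only, ignoring instruction bytes.
    cfg: basic blocks in address order, each (successor block numbers, call count).
    Blocks serialize as 'n:c,succ,...;'. Simplified sketch: real Machoc uses
    MurmurHash3; truncated SHA-256 stands in here (assumption).
    """
    parts = []
    for n, (succs, calls) in enumerate(cfg, start=1):
        items = ["c"] * calls + [str(s) for s in sorted(succs)]
        parts.append(f"{n}:{','.join(items)};")
    return hashlib.sha256("".join(parts).encode()).hexdigest()[:16]

def jaccard(a, b):
    """|A & B| / |A | B|; defined as 0.0 when both sets are empty."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0

def sample_similarity(funcs_a, funcs_b, ignore=frozenset()):
    """Jaccard score over the per-function hash sets of two samples."""
    ha = {machoc_style_hash(f) for f in funcs_a} - ignore
    hb = {machoc_style_hash(f) for f in funcs_b} - ignore
    return jaccard(ha, hb)

# Constructed CFGs (not taken from any real sample).
MEMCPY = [([2], 0), ([2, 3], 0), ([], 0)]
CRYPTO_INIT = [([2, 3], 1), ([4], 1), ([4], 0), ([], 0)]
ENCRYPT_FILE = [([2, 5], 1), ([3], 2), ([2, 4], 1), ([5], 1), ([], 0)]
WALK_DIRS = [([2], 1), ([3, 4], 1), ([2], 2), ([], 0)]
NOTE_A = [([2, 3], 1), ([3], 1), ([], 1)]
NOTE_B = [([2], 2), ([], 1)]
PARSE_CFG = [([2, 3], 0), ([4], 1), ([4], 2), ([], 0)]
HTTP_POLL = [([2], 1), ([2, 3], 3), ([], 1)]
UPDATER = [([2, 4], 2), ([3], 1), ([4], 0), ([], 1)]

FAMILY_A = [MEMCPY, CRYPTO_INIT, ENCRYPT_FILE, WALK_DIRS, NOTE_A]
FAMILY_B = [MEMCPY, CRYPTO_INIT, ENCRYPT_FILE, WALK_DIRS, NOTE_B]
UNRELATED = [MEMCPY, CRYPTO_INIT, PARSE_CFG, HTTP_POLL, UPDATER]
# Hashes of statically linked library code, which any two binaries may share.
LIBRARY = frozenset(machoc_style_hash(f) for f in (MEMCPY, CRYPTO_INIT))

if __name__ == "__main__":
    for name, other in (("B", FAMILY_B), ("unrelated", UNRELATED)):
        raw = sample_similarity(FAMILY_A, other)
        filtered = sample_similarity(FAMILY_A, other, ignore=LIBRARY)
        print(f"A vs {name}: raw={raw:.2f} library-filtered={filtered:.2f}")
```

Shared library code alone gives the unrelated pair a nonzero raw score, which is why overlap needs filtering and corroborating evidence before two families are tied together.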

Importance of Cybersecurity Best Practices

Despite the evolving tactics of ransomware groups, many businesses continue to overlook essential cybersecurity measures. The report highlights the impact of several critical weaknesses:

  • Failure to Implement Multi-Factor Authentication (MFA): MFA remains a crucial yet often neglected defense mechanism against unauthorized access.
  • Neglecting Critical Patches: Unpatched vulnerabilities serve as a primary entry point for ransomware attackers.
  • RDP and VPN Security Gaps: Remote Desktop Protocol (RDP) and Virtual Private Network (VPN) access points have been frequently exploited due to inadequate security measures.

Conclusion: Strengthening Cybersecurity in 2024

The state of ransomware in 2024 is marked by a troubling increase in attacks, data leaks, and the evolution of more sophisticated tactics. As the threat landscape continues to grow more dangerous, businesses must reinforce their cybersecurity defenses to protect against the ever-present risk of ransomware.

To mitigate these risks, companies should prioritize the implementation of basic cybersecurity practices, including:

  • Strictly enforcing Multi-Factor Authentication (MFA).
  • Frequently patching and updating systems to close vulnerabilities.
  • Securing Remote Desktop Protocol (RDP) and Virtual Private Network (VPN) access points.

By focusing on these cybersecurity fundamentals, businesses can effectively defend against the increasing ransomware threats in 2024.