Ransomware attacks increase: $460 million paid in H1 2024

Recent findings reveal increased ransomware attacks and profitability, raising concerns about current cybersecurity measures. 

What happened

A report from Chainalysis reveals a shift in ransomware tactics, with groups increasingly targeting larger organizations. While these attacks may be more challenging to execute, the potential for massive disruption and substantial data theft allows ransomware groups to demand higher payments. Increasing demands are evident in attacks from groups like Dark Angels ($75 million) and BlackSuit ($60 million) earlier this year.

In the first half of 2024 alone, victims paid $459.8 million to ransomware groups, a 2% increase from the record-breaking $449.1 million paid in the same period the previous year. If this trend persists, 2024 ransomware payments could surpass the $1.1 billion mark set in 2023.

Related: HIPAA Compliant Email: The Definitive Guide. 

Going deeper

The Coveware report reveals a growing trend among ransomware groups, where data exfiltration-only attacks have become more profitable, evidenced by a 43% payment rate in Q2 2024. Despite this, the overall percentage of victims paying ransom has decreased. In Q1 2019, 85% of victims complied with ransom demands, but by Q1 2024, this figure had dropped to 28%, with a slight increase to 36% in Q2 2024.

There has also been a shift in primary attack vectors. Phishing saw a resurgence in Q2 2024, responsible for nearly 25% of ransomware attacks, while remote access compromises are the most common initial access method, used in just under 30% of attacks.

Ransomware groups are increasingly prioritizing data exfiltration over encryption, resulting in longer dwell times. The extended period gives security teams more time to detect and respond to these attacks, potentially reducing data theft and avoiding the disruption caused by file encryption.

What was said

Disrupting cybercrime hinges on breaking down its supply chains, which include attackers, affiliates, partners, infrastructure service providers, launderers, and cashout points. Since the operations behind ransomware attacks are predominantly blockchain-based, law enforcement, equipped with effective solutions, can trace the financial flow to gain insights and dismantle these criminal activities. Corsin Camichel, a researcher with eCrime.ch, remarks, "I believe takedowns and law enforcement actions like Operation Cronos, Operation Duck Hunt, and Operation Endgame are essential in curbing these activities and signaling that criminal actions will have consequences."

Why it matters

The severity of ransomware attacks presents a challenge for organizations across all sectors. As attackers sharpen their strategies and focus on high-value targets, the potential consequences can include financial losses, infrastructure damage, operational disruptions, and sensitive data being compromised. The shift in tactics, such as increased focus on data exfiltration and the resurgence of phishing, indicates a more calculated approach from cybercriminals, leaving organizations with less room for error. Combatting this growing threat demands stronger cybersecurity defenses and a coordinated response involving law enforcement, industry collaboration, and continuous adaptation to stay ahead of increasingly sophisticated adversaries.

FAQs

What is ransomware?

Ransomware is malware that holds a victim's data hostage by encrypting it or restricting access to the system. The attackers then demand a ransom in exchange for the decryption key or the restoration of system access.  

What can organizations do to protect themselves from ransomware attacks?

Experts recommend a multi-layered approach to ransomware defense, including people-focused initiatives, advanced processes, and deploying security technologies. Proactive measures to prevent initial access and minimize attack surfaces are necessary in the fight against these threats.

How can the cybersecurity community respond to the growing ransomware crisis?

Collaboration, information sharing, and developing new defensive strategies will be fundamental in the ongoing battle against ransomware. Governments, security vendors, and organizations must work together to stay ahead of the constantly changing tactics employed by cybercriminal groups.