Ransomware Trends and Solutions For 2024

According to the 2023 Verizon Security Report, ransomware became involved in 24% of all cyber breaches. Ransomware attacks no longer affect one aspect of an organization. Legacy ransomware focusing on encrypting files for ransomware caused minimal to substantial damage to organizations. Modern-day ransomware impacts far more than previous attacks. In 2023, German companies faced cyberattacks like ransomware malware, password attacks, and phishing. 31% of businesses were affected, with CEO fraud being the least common attack.

This article discusses the various trends surrounding ransomware attacks and what organizations can do to help prevent propagation from spreading across their enterprise.

Organizations have several options to help stop ransomware, including deploying artificial intelligence-enabled email security tools and endpoint security software and partnering with firms like Forenova Security to leverage their managed detection and response (MDR) services.

What is the Current Ransomware Landscape in 2024?

Data breaches from ransomware continues to grow in 2024, partially because of the continuous success hackers have achieved. Supply chain attacks, double extortion, and attacks against unpatched systems continue to become hackers' most preferred attack surfaces in 2023 and 2024.

• Supply Chain: The cl0p ransomware group is one of the most formable teams. Over the last several years, this group impacted close to 1500 organizations with their attack on Kaseya and SolarWinds. This group, along with other hacker groups, realizes the gain by hitting the supply chain, which leads to more accessible ways to affect multiple organizations within the same kill chain.
• Double Extortion: Legacy ransomware attacks focus on encrypting their victims' files and demanding a ransom payment. Double extortion emerged as a next-generation attack method that included encrypting the victims in multiple locations and threatening them with the release of their data unless they pay the ransom in Bitcoin or cryptocurrency.
• Attacking Unpatched Systems: Organizations struggling to patch their hosts, VMs, and applications will probably be victims of a ransomware attack in 2024. Thanks partially to the hacker's investment in developing their AI-powered hacking tools, this next-generation attack method enables cybercriminals to deliver their malware payload within exceptionally well-crafted email phishing messages, encouraging users to click on malicious links to instigate the download. This malicious file contained ransomware malware capable of moving laterally through the victim's networking and exploiting unpatched hosts.

What are the Most Prolific Ransomware Attacks?

2023 witnessed several national and international ransomware attacks causing financial and operational damage to their targets. These attacks spread across manufacturing, education, government, and airlines. Most of these attacks either followed the traditional method of encrypting files until the ransom was paid or the hackers released portions of the stolen content to entice their victims to pay up.

Germany 2022 – Semikron and Continental.

In August 2022, Semikron, a German semiconductor manufacturer, experienced a ransomware attack that partially encrypted its network, with the attackers claiming to have taken 2TB of documents.

Continental, a German automotive parts company, was attacked by LockBit ransomware in October. The attackers claimed to have stolen 40TB of files and demanded $50 million for the data.

TSMC - Taiwan Semiconductor

In June 2023, this Taiwan-based semiconductor manufacturer suffered a crushing ransomware attack allegedly caused by the global hacker group Lockbit. International law enforcement classifies this attack as a supply chain attack. The ransomware attack happened against a TSMC's supply chain partner. Lockbit successfully executed the attack against Kinnmax. Because of this attack, Lockbit demanded a ransom of $70 million. While TSMC didn't become breached because of the attack on Kinnmax, they disconnected this supplier from their data-sharing portal. The hackers attempted to extort TSMC by threatening to expose their files.

TSMC held firm and did not pay any ransom. However, this attack had a financial and operational impact on their supply chain as they continued disconnecting other ecosystem partners from the data-sharing portal.

City of Dallas, Texas

Ransomware attacks against local, state, and federal governments are widespread. In 2023, the City of Dallas, Texas, became the latest victim of ransomware by the known hacker group Royal.

On Wednesday, May 03, 2023, Royal started a ransomware attack on the City of Dallas by encrypting servers with Microsoft tools. The city quickly responded by taking high-priority services offline. City teams worked on removing Royal from the network before starting service restoration. Resources were restored for restoration efforts, with some services like Public Safety Computer-Aided Dispatch being restored immediately.

More importantly, the City of Dallas did not pay a ransom to Royal. However, they paid close to 8.5 million dollars in damage and clean-up costs because of the attack.

University of Hawaii

In July 2023, the University of Hawaii disclosed that it had paid ransomware attackers. The incident occurred before July, when NoEscape, a previously unknown hacker group, targeted Hawaiian Community College with ransomware. Throughout this period, there was increased attention on cyber attacks, particularly the attacks on MOVEit.

Attackers stole 65GB of data from the university and threatened to publish it, putting the personal information of 28,000 people in jeopardy. The university paid the ransom to protect the data and paid close to $250,000 dollars to the hacker group. Most of the funds came from the State of Hawaii State Insurance fund.

2023: A Comeback Year for Ransomware.

2023 recorded a significant comeback for ransomware attacks, including more ransom payments. This year, more AI-powered ransomware and email phishing attacks were recorded — a significant change from 2022.

• Ransomware payments hit a record $1 billion in 2023, showing a worrying upward trend despite a slight dip in 2022. This amount does not include the additional costs of lost productivity and repairs.
• For example, even though they did not pay the ransom, MGM Resorts suffered over $100 million in damages from attacks by ALPH V-BlackCat and Scattered Spider.

More to the point, according to Statista, "from January to October 2023, the estimated cost of downtime in U.S. healthcare organizations caused by ransomware attacks was 14.7 billion U.S. dollars."

What is the Root Cause of the Recent Surge in Ransomware Attacks?

A possible reason for the surge in ransomware could be connected to past compelling events centered on Russia invading Ukraine. Several hacker groups, including remnants of Anonymous, Ukraine Underground Army, cl0p, and the REViL group, took up virtual arms against Russia. In 2024, many groups either continued with their Hacktivism or disbanded because Russian Intelligence crackdown or global law enforcement hunted them down.

Sweden's joining NATO has caused an increase in ransomware attacks. A ransomware attack on Tietoevry, a Finnish IT services provider, has severely impacted Swedish entities like government agencies and schools.

The Akira ransomware hacking crew carried out another attack against a Finnish and Swedish entity, adding to their long list of cyberattacks.

What is the Impact of the Ransomware Attacks?

Financial

The financial implications of ransomware center on the cost of credit scoring repair and monitoring services, increases in cyber insurance, or fines and penalties. Each security event is costly, regardless of the number of systems affected or victims.

In 2023, 72% of businesses worldwide were targeted by ransomware attacks, a significant increase from previous years. Since 2018, over half of organizations surveyed each year reported falling victim to ransomware.

However, according to a report filed by Axios.com, only 29% of ransomware victims paid the ransom to recover their data.

Operational

As witnessed during the 2023 City of Dallas ransomware attack, the city paid out millions in damages and clean-up costs. Yet, no ransomware was paid. However, city operations were severely affected. According to the After Action Report filed by the City of Dallas, several critical departments faced operational challenges during the security breach.

• "ITS isolated the issue and is gradually restoring service, prioritizing public safety and resident-facing departments."
• "Dallas Water Utilities cannot process payments. Disconnections will be discontinued until the outage is resolved."
• "Vital Statistics is issuing records with limited capacity. Some records may be unavailable, especially from before 2005."

Reputation Consequences

Financial reward isn't always the intent of a ransomware attack. Ransomware groups focusing on Hacktivism look for ways to deface websites, execute Distributed Denial-of-Service (DDoS) attacks against foreign government systems, or find acceptable ways to expose personal information about a CEO or head of state.

What Ransomware Trends Are Likely to Continue in 2024?

Ransomware and extortion increased by over 66% from 2022 to 2023. Globally, Ransomware-as-a-Service (RaaS) continues to become more accessible on the dark web. Hackers no longer require extensive programming knowledge to launch a ransomware attack.

However, the good news is that organizations continue to make strategic investments in cyberattack prevention architectures powered by AI, including extended detection and response (XDR), Zero Trust for remote access and network segmentation, endpoint security, decryption tools, and backup and recovery systems, to help expedite returning access to data before the ransomware event.

Why Forenova Security for MDR Services?

MDR is required for several company regulations, including HIPAA, PCI-DSS, NIS2, DORA, GDPR, and CCPA, just to name a few. These regulations require the organization to prove that it has the capacity and capability to respond to next-generation AI-powered cyberattacks and the increase in velocity.

Forenova Security is a leading provider of cybersecurity services and MDR offerings. For organizations seeking a partner to augment their current security operations (SecOps) team or provide a complete 24x7 monitoring and response, threat intelligence, and other cyber defense tools, Forenova Security has access to experienced engineers to meet your business and compliance goals.

Learn more about the 5 most common types of ransomware