A surge in ransomware groups in 2024 left companies facing increased attacks, even as law enforcement ramped up investigations against well-known groups such as LockBit, and dismantled popular cybercriminal services, such as phishing-as-a-service provider LabHost and the encrypted messaging platform Ghost.
According to recent studies, more than 75 ransomware groups were actively compromising targets in 2024, compared to only 43 the previous year. This surge in attacks resulted in more than half of organizations suffering successful attacks, leading to shutdowns of some operations and significant revenue losses. Trevor Dearing, the director of critical infrastructure solutions at Illumio, emphasized the ongoing threat posed by ransomware, highlighting that as long as extortion remains profitable, organizations will have to deal with significant challenges.
Various data sources, including NCC Group and Rapid7, indicated that there was a 15% increase in ransomware attacks in 2024 compared to the previous year. The number of successful attacks claimed by ransomware groups averaged 18 per day in December 2024, demonstrating the escalating pace of compromises. RansomHub, LockBit, and Play emerged as the most prolific ransomware groups in 2024, generating significant ransom payments from victims.
Despite increased law enforcement activity targeting cybercriminals, ransomware gains persisted throughout the year. European authorities disrupted the Ghost encrypted communications platform used by organized crime groups, while Canadian authorities arrested a hacker behind compromising firms’ Snowflake instances. In December, Israeli law enforcement apprehended a 51-year-old LockBit developer, showcasing efforts to combat cybercrime. However, Christiaan Beek, senior director of threat analytics for Rapid7, noted that law enforcement actions may be fracturing the criminal ecosystem, leading to increased cybercriminal service offerings.
Estimates of ransom amounts paid by companies varied significantly, with victims paying median ransoms of $200,000 in Q3 2024, as per Coveware. The Ponemon Institute estimated the average ransom demanded to be $1.2 million. Illumio’s Dearing highlighted that these figures do not include investigation and clean-up costs, emphasizing the financial impact of ransomware attacks on organizations.
The survey conducted by the Ponemon Institute revealed that paying a ransom does not guarantee data recovery or deter future attacks. Half of all companies that suffered ransomware attacks in 2024 did not receive a decryption key, and in a third of cases, attackers demanded more money. Only 13% of companies managed to recover all their data following a ransomware incident.
To minimize the impact of cyberattacks, companies must focus on early detection and develop plans for business continuity. Having backups and cloud operations in place can help organizations recover quickly and resume operations with minimal disruption. Companies lacking visibility and security controls are at higher risk of severe disruption, emphasizing the importance of implementing basic security measures within organizations.
Overall, the surge in ransomware attacks in 2024 underscores the persistent threat posed by cybercriminals to organizations worldwide. Law enforcement efforts are making strides in combating cybercrime, but organizations must remain vigilant and prioritize cybersecurity to mitigate risks and protect their operations from ransomware threats.