In Brief: Ransomware attacks are hitting unprecedented highs in 2024, despite increased efforts from law enforcement agencies worldwide to take down major ransomware groups. The persistence and adaptation of cybercriminals have made ransomware an even more lucrative business, with companies now paying record sums to retrieve stolen data or unlock encrypted systems.

Why It Matters

Authorities have made several high-profile takedowns this year, including seizing operations of infamous groups like LockBit. These efforts have led some to hope that ransomware activity might be on the decline. However, the data tells a different story. According to cybersecurity analysts, ransomware attacks are still on the rise, and 2024 is likely to break records for both the frequency and financial impact of these attacks.

Allan Liska, a threat intelligence analyst at Recorded Future, shared with TechCrunch that, while the curve of ransomware growth may "flatten a little bit," 2024 will remain a record-breaking year. "We've also this year, for the first time that I'm aware of, had four eight-figure ransoms paid," Liska noted, highlighting the increasing severity of these cyber extortion incidents.

Major Incidents in 2024

One of the year’s most notable ransomware incidents involved UnitedHealth-owned Change Healthcare, which fell victim to the Russian ransomware group ALPHV, also known as BlackCat. In February, Change Healthcare's systems were infiltrated, compromising the medical data of over 100 million Americans. UnitedHealth ended up paying a staggering $22 million in ransom—one of several multi-million dollar payments made to ransomware groups this year.

New Trends: Data-Theft-Only Attacks on the Rise

Traditionally, ransomware attacks involve encrypting a target’s data and demanding payment in exchange for a decryption key. However, Liska noted an alarming trend in 2024: a significant rise in data-theft-only attacks, which increased by 30% this year. "A lot of the newer threat actors just don't want to deal with encryption or decryption," Liska explained. These groups instead steal data and demand payment solely to prevent its public release, bypassing the technical challenges of data encryption.

Law Enforcement Victories, but More Ransomware Groups Emerge

Despite the uptick in attacks, law enforcement has had some successes. In February, an international coalition of law enforcement agencies took down the website and infrastructure of the LockBit ransomware gang and arrested multiple members, including one captured while on vacation. The FBI also seized the servers of the ransomware group Radar, also known as Dispossessor.

Yet, despite these victories, new ransomware groups keep appearing. According to Secureworks, 2024 has seen a 30% increase in active ransomware groups, with 31 new groups identified over the past year.

Calls to Ban Ransom Payments

While law enforcement often advises victims not to pay ransoms, the reality is that companies continue to do so, fearing the financial and reputational damage of a data breach. In a controversial stance, White House cyber chief Anne Neuberger recently suggested banning insurance companies from covering ransomware payment reimbursements to reduce the incentive to pay.

Liska, once a skeptic of such a policy, now believes banning ransom payments might be necessary. "My answer is: ban ransom payments, which is a terrible solution, but it may be the least-bad solution that we have," he said.

The Road Ahead

While law enforcement agencies have made strides in combating ransomware, the record-high attack levels of 2024 show that cybercriminals are quick to adapt. Until decisive measures reduce the profitability of these attacks, companies will likely continue paying to protect their data, and ransomware will remain a severe global threat.

Read the original article here