Information theft accounted for 94% of all cyber assaults worldwide in 2024, in keeping with new analysis, as cybercriminals more and more mix knowledge exfiltration with encryption in ransomware campaigns.
Past encryption, ransomware attackers now threaten to leak or promote an organization’s knowledge on the darkish net if victims refuse to pay. Stolen data typically contains personally identifiable knowledge and proprietary mental property.
The findings come from BlackFog’s 2024 Ransomware Pattern Report, which analysed ransomware exercise throughout a whole lot of publicly disclosed and non-disclosed assaults on international organisations between January and December.
The report discovered the common quantity of knowledge stolen in an undisclosed exfiltration assault is 592 GB, and the variety of disclosed and undisclosed cyber assaults elevated by 25% and 26% year-over-year, respectively.
Dr. Darren Williams, founder and chief govt officer of BlackFog, stated in a press launch: “The report exhibits 2024 was a landmark 12 months with organizations going through rising monetary and reputational harm from ransomware assaults, with high-value sectors significantly pressured to pay ransoms to revive operations.”
In line with IBM’s Price of Information Breach report, the common price of a ransomware assault involving knowledge exfiltration in 2024 was $5.21 million.
“As cybercriminals constantly refine their strategies to use vulnerabilities and launch large-scale assaults, defending in opposition to ransomware is turning into more and more complicated,” Dr. Williams added. “Governments are stepping up efforts to counter this rising menace, introducing new measures akin to necessary ransomware incident reporting. Nonetheless, the worldwide ransomware disaster continues to escalate at an alarming price.”
Ransomware attackers are more and more drawn to professional enterprise instruments
In September 2024, safety researchers found a double-extortion ransomware variant concentrating on VMware ESXi servers, which each copied and encrypted the goal’s knowledge. Ransomware teams have additionally been exploiting professional file switch know-how to safe assaults.
SEE: Microsoft Says Ransomware Teams Are Exploiting the Newly-Patched VMware ESXi Flaw
BlackFog reported that PowerShell was utilized in 56% of ransomware circumstances in 2024, highlighting how attackers are more and more “leveraging professional instruments and platforms to infiltrate networks, set up a presence, and exfiltrate knowledge with out triggering alarms from many endpoint safety platforms.”
Prime focused industries face relentless stress
The manufacturing, companies, and know-how sectors noticed the best variety of undisclosed assaults, and are often-cited as extremely focused as a result of crucial nature of their uptime, excessive ranges of digitisation, and huge volumes of delicate knowledge.
For disclosed assaults, healthcare, authorities, and training had been probably the most focused, accounting for 47% of all ransomware-related information headlines in 2024. The most important surge was seen within the retail sector the place disclosed assaults spiked by 96% with high-profile victims together with Starbucks, Sainsbury’s, Morrisons, London Medicine, and Krispy Kreme.
Ransomware teams: Outdated leaders persist, new gamers emerge
LockBit remained probably the most lively ransomware group, attacking 603 reported victims. This was regardless of a significant regulation enforcement takedown in February 2024, led by the U.Okay. Nationwide Crime Company’s Cyber Division, the FBI, and different worldwide companions. The operation briefly disabled LockBit’s ransomware-as-a-service platform, however the group resumed operations days afterward a brand new darkish net area.
Nonetheless, funds to LockBit decreased by 79% within the second half of the 12 months, in keeping with separate analysis from Chainalysis.
BlackFog’s report recognized RansomHub because the second-most lively ransomware group of 2024. A relative newcomer, it emerged in February 2024 and shortly gained notoriety with assaults on international producer Kawasaki and oil and gasoline companies firm Halliburton.
Medusa and Play ranked third in disclosed and undisclosed incidents, respectively.
Surge in new ransomware teams fueled by AI
A Cyberint report from October discovered that Q2 2024 had the best variety of lively ransomware teams on document, as smaller, newer teams entered the scene.
In January 2024, the U.Okay.’s Nationwide Cyber Safety Centre warned that the menace of ransomware was anticipated to rise as a result of new availability of AI applied sciences reducing the barrier to entry, enabling even inexperienced criminals to conduct refined assaults.
BlackFog’s analysis bolstered these findings, reporting that 48 new ransomware teams emerged in 2024, marking a 65% enhance from the variety of new variants from the earlier 12 months. Greater than half of all ransomware assaults within the final two months of 2024 had been carried out by these newly shaped teams.