In 2024, data theft accounted for 94 % of all cyberattacks worldwide, according to new research, as ransomware campaigns increasingly entail data exfiltration with encryption.
Beyond encryption, ransom hackers now threaten to promote or hole a company’s information on the dark web if patients refuse to pay. Personal information and amazing intellectual home are frequently included in stolen data.
The findings were analyzed by BlackFog’s 2024 Ransomware Trend Report, which examined ransom activity from lots of publicly disclosed and unreleased attacks on international organizations between January and December.
The report found the average amount of data stolen in an undisclosed exfiltration attack is 592 GB, and the number of disclosed and undisclosed cyber attacks increased by 25 % and 26 % year-over-year, respectively.
Dr. Darren Williams, chairman and chief executive officer of BlackFog, said in a media launch:” The report shows 2024 was a landmark year with organizations facing growing financial and reputational damage from ransomware attacks, with high-value areas especially pressured to pay bounties to restore activities”.
According to IBM’s Value of Data Breach report, the average price of a ransomware attack involving information intrusions in 2024 was$ 5.21 million.
” Defending against malware is becoming more and more difficult as cybercriminals continue to develop their methods to exploit vulnerabilities and start large-scale attacks,” Dr. Williams continued. ” Governments are making more strides to combat this growing threat by implementing new measures like mandated monitoring of ransomware incidents. The world malware crisis is still raging at an alarming rate, though.
Ransomware hackers are becoming more and more drawn to trustworthy organization tools.
In September 2024, safety scientists discovered a double-extortion malware version targeting VMware ESXi machines, which both copied and encrypted the enemy’s information. Ransomware organizations have also been utilizing genuine document exchange techniques to carry out attacks.
Notice: Ransomware Groups Are Exploiting the Recently-Patched VMware ESXi Flaw, according to Microsoft.
In 2018, according to BlackFog, 56 % of ransomware cases were involving Power Shell, demonstrating how attackers are increasingly “using legitimate tools and platforms to infiltrate networks, establish a presence, and exfiltrate data without triggering alarms from many endpoint protection platforms.”
Top-focused companies are repeatedly under stress.
The production, solutions, and technology sectors saw the highest number of unknown attacks, and are often-cited as highly targeted due to the critical character of their availability, higher levels of automation, and large volumes of sensitive data.
For disclosed problems, care, state, and education were the most precise, accounting for 47 % of all ransomware-related news stories in 2024. The biggest surge was seen in the retail sector where reported attacks spiked by 96 % with high-profile victims including Starbucks, Sainsbury’s, Greggs, London Drugs, and Krispy Kreme.
Ransomware groups: Ancient officials persist, fresh participants emerge
LockBit remained the most effective malware party, attacking 603 reported patients. This was despite a significant law enforcement operation in February 2024, led by the U. K. National Crime Agency’s Cyber Division, the FBI, and other foreign partners. The procedure temporarily disabled LockBit’s ransomware-as-a-service system, but the party resumed operations days later on a new black web site.
Still, payments to LockBit decreased by 79 % in the second half of the year, according to separate research from Chainalysis.
BlackFog’s report identified RansomHub as the second-most active ransomware group of 2024. It was relatively new in February 2024 and quickly gained notoriety with its attacks on Halliburton and the world’s largest oil and gas services company.
Medusa and Play ranked third in disclosed and undisclosed incidents, respectively.
Increasing number of new ransomware groups driven by AI
A Cyberint report from October found that Q2 2024 had the highest number of active ransomware groups on record, as smaller, newer groups entered the scene.
The U.K.’s National Cyber Security Centre warned in January 2024 that the threat of ransomware was expected to rise as a result of the new availability of AI technologies, which made it possible for even inexperienced criminals to carry sophisticated attacks.
BlackFog’s research reinforced these findings, reporting that 48 new ransomware groups emerged in 2024, marking a 65 % increase from the number of new variants from the previous year. These newly formed groups carried out more than half of all ransomware attacks in the last two months of 2024.
