Date: 21 August 2024
Ransomware attacks are on the rise. You probably read this statement all the time. But when the numbers corroborate this statement - the sinister reality becomes starker than ever. Ransomware gangs apparently raked in a record-shattering $459,800,000 in the first half of 2024 alone.
As per Chainanalysis, ransomware gangs made a total of $1.1 billion in 2023. If the trend set by ransomware payments in the first half of this year is anything to go by, the billion-dollar record from last year will easily be broken in 2024. The money made by ransomware gangs in the first 6 months is already 2% higher than the numbers from the same period last year.
Topics Covered in this article:
1. Key Highlights on Ransomware Payments in H1 of 2024
2. Ransomware Mitigation - Top Steps to Take Today
Ransomware Payments in First Half of 2024: Key Highlights
Here’s a quick gist of the main points on Ransomware Payments highlighted in the Chainalysis report on Cyber Crime, Ransomware and Crypto Thieves this year:
- Ransomware gangs are now focussing on large organisations and creating huge disruptions and encrypting files. They’re carrying out high-profile attacks in smaller numbers but with higher ransom demands and payments. This is popularly being called ‘Big Game Hunting’ now.
- Earlier this year, Zscaler discovered a record-breaking ransom payment of $75 million by a Fortune 50 company. Payments such as this are contributing to the massive profits that threat actors have been able to make this year by demanding a ransom. In 2023, the highest ransom payment made was reportedly $37.8 million.
- The average ransomware payment was $200,000 in early 2023. This has jumped to a whopping 1.5 million by June 2024.
- If the trajectory of attacking critical infrastructure organisations with deep pockets continues, 2024 will be the highest grossing year for ransomware attackers - a frightening trend likely to imbue newer players.
- Despite law enforcement agencies cracking down on major players such as BlackCat and LockBit, ransomware attacks showed no signs of slowing down. Former affiliates and new players have continued to unleash new methods and techniques to victimise more organisations globally. The rise of ransomware as a service (raas) has contributed to this trend.
- The frequency of ransomware infection has increased by 10% this year.
- A bit of good news? While the ransom payment figures are higher in 2024, research based on leak site data suggests that the frequency of payments is going down. This means fewer victims are paying a ransom now.
Ransomware Prevention: Is it Possible to Stay Protected?
In one word - no. It’s no longer possible to evade the possibility of being attacked at all. But resilience in the face of ransomware attacks i.e. ransomware mitigation is definitely possible.
In fact, the Chainanalysis report itself mentions that several organisations have managed to bounce back in 2024 after a ransomware attack without making a payment. This goes to show that the increasing global commitment to cyber resilience is paying off dividends already.
So how do you achieve this level of resilience to ransomware attacks? Here’s a quick checklist:
- Make Ransomware Resilience a Priority: Ransomware attacks stopped being an IT problem a long time ago. They are one of the biggest threats to business operations and profitability today. It’s imperative to accord cyber protection the importance it deserves. If you don’t have appropriate cybersecurity leadership in your organisation, consider hiring a Virtual CISO or vCISO.
With our Virtual CISO service, you get access to complete, hands-on Security-as-a-Service. At a fraction of the cost of hiring a full-time CISO or a large consultancy, you get full-support access to some of the most experienced cybersecurity professionals in the world. They will advise you on the strategic cybersecurity investments to make, help you get your ransomware response documents and checklists in order and guide you through the implementation processes.
This can be a major step towards your overall cyber resilience, helping you detect and respond to cyber threats before they turn into full-blown ransomware attacks. - Implement Regular Data Backups: If you have ironclad backups, ransomware attackers basically lose most of their power against your business. You won’t even need to consider paying up for a decryption key. Ensure that critical data is backed up frequently and stored in secure, off-site locations.
Regularly test backup restoration processes to guarantee quick recovery in case of an attack. This practice minimises downtime and mitigates the impact of ransomware. Yes, data breaches will still occur but your operating system can be up and running by enabling the restoration of unencrypted files. - Employee Awareness and Training: A bulk of major ransomware attacks globally have been caused by compromising employee credentials. It is absolutely critical to conduct certified cybersecurity training for your employees about the dangers of phishing emails, social engineering, types of malware, malicious software and other common attack vectors.
Employees should be well-informed on how to identify suspicious emails and links, and know the proper protocols to follow if they suspect a security threat. Training them in Cyber Incident Response is the most effective way to ensure that your staff knows what to do and how to control the damage when you’re under attack. - Deploy Multi-Layered Security Measures: Utilise a combination of security tools to create multiple layers of defence. These include firewalls, intrusion detection systems, endpoint protection, and email filtering. Again, your Virtual CISO can help guide you on the most relevant security measures that your business needs immediately. Also remember to regularly update and patch all software and systems to protect against known vulnerabilities that could be exploited by ransomware.
- Establish a Robust Cyber Incident Response Plan: This is truly a no-brainer in a world dominated by cyber crime and ransomware attacks. Yes, there is no foolproof strategy to protect against attacks. But you can mitigate the damage they cause if you take the right steps at the right time. And to achieve this you need a solid, effective Cybersecurity Incident Response Plan.
The plan should include immediate steps for isolating infected systems to prevent spread of malware. It should delineate clear roles and responsibilities for all key incident responders. Crisis communication protocols should be one of its core components. Informing affected stakeholders and appropriate regulatory authorities correctly is what will save you from the public backlash and hefty fines that ransomware attacks are always accompanied with. - Limit Access and Implement Least Privilege: Restrict user access to sensitive data and critical systems. Least Privilege means every employee should have access to only that data or those systems which they absolutely need to perform their jobs smoothly. This reduces the risk of ransomware spreading across the network by limiting the number of potential entry points and the extent of damage that can be caused by compromised accounts.
