The Evolution of Ransomware Attacks in 2024

Ransomware attacks in 2024 continue to pose a threat to companies of all sizes and organizations in diverse sectors. However, with fewer victims deciding to cave into hackers’ demands and pay the ransom, how will ransomware attacks evolve? This article takes a look at the possible evolution of ransomware attacks in 2024.

Plummeting Ransomware Payouts

A recent report by Coveware found that the last quarter of 2023 saw the lowest proportion of ransomware victims opting to pay ransoms since they started keeping records. The figure for Q3 2023 was 29 percent; a sharp contrast to Q1 2019, when 85 percent of victims chose to pay ransoms.

Driving this decline in the rate of paying ransomware victims are several factors that include:

  • Companies and their staff are more educated about the risks of ransomware and now invest more in effective deterrent measures like regular data backups and employee training.
  • Governments and law enforcement agencies worldwide openly discourage paying ransoms because they see it as incentivizing criminal activities.
  • Growing awareness that paying the ransom does not guarantee the recovery of stolen or encrypted data. In some cases, companies that pay ransoms do not receive the decryption keys or experience radio silence from the perpetrators.
  • A general push towards better education of companies and people about ransomware risks. A good example was CISA, a cybersecurity agency in the USA, running a campaign on reducing ransomware risks.

Even if fewer companies decide to pay out, this trend is unlikely to stop financially motivated cyber actors from using ransomware. In fact, the same Coveware report cited above shows that the median payment size remained stable at around $200,000 which is a sure fire sign that there’s still money to be made. The question is, what will hackers do to adjust to declining proportions of organizations paying the sums they want?

Ransomware attacks in 2024 trends

With the potential for profit in ransomware not suddenly vanishing, here are some of the ways that the ransomware landscape could evolve over 2024.

Aggressive extortion

Perhaps the defining aspect of ransomware evolution in recent years was the shift towards double extortion attacks. These attacks saw not only systems being encrypted but also sensitive data being stolen. The aim of double extortion was to maximize the chances of payouts.

But with fewer companies believing that they’ll even get their data back, ransomware gangs may even get more aggressive with their extortion. One possibility is contacting people about whom they’ve stolen data and informing them of the breach to pressure employers into paying. Aggressive extortion could extend to harassing key decision-makers at companies with phone calls, text messages, or emails to pile on extra pressure.

Better target prioritization

Past ransomware attacks tended to involve sweeping campaigns with ransomware gangs using the same types of attacks irrespective of the target. A probable trend going forward will be better prioritization of how to conduct ransomware attacks based on the organization’s sector and operations.

As an example, understanding industry nuances might see gangs hitting manufacturers with ransomware strains that encrypt vital systems and disrupt their production operations. This tactic will increase the likelihood of payouts in a sector like manufacturing where downtime is one of the worst possible things that can happen.

Recruiting disgruntled insiders

Whether because of perceived unfairness at work, job dissatisfaction, or an impending termination, employees (insiders) are often targets for cybercriminals. Recruiting insiders is a potential tactic for ransomware operators to step up their game and get more companies to pay out. Ransomware actors can exploit insider access to bypass security measures, deploy ransomware directly on the most important systems, or exfiltrate more sensitive data for extortion. Recruitment drives might come from offering insiders a slice of the payment or just direct upfront crypto payments.

More social engineering

As companies invest more in better cybersecurity technologies to fend off intrusions, ransomware gangs may well up the ante with more and improved social engineering. Targeting the human element via psychological manipulation is often more fruitful.

Trends to keep an eye on include highly personalized phishing emails, hijacking or spoofing business email accounts, or baiting people by offering something enticing to download or click on that leads to ransomware deployment. AI is obviously a threat too as evidenced by continued advancements like Open AI’s text-to-video generator that will possibly make it much easier to create plausible deepfakes of CEOs, executives, and other key business stakeholders.

How DIESEC Helps Protect You From Ransomware Attacks in 2024

As ransomware variants like BlackCat, Royal, and Akira continue to hit companies, a multi-layered defense strategy is pivotal. This is especially true given the likelihood of gangs employing different tactics to increase the pressure to pay. DIESEC helps your ransomware defense in several ways. Our pen testing service can find weaknesses in your apps or environment while our social engineering service equips your employees with the knowledge to spot and avoid falling victim to attacks like phishing that ransomware gangs often use.

Contact us to learn more