2024 Trends: Ransomware Paydays and Anxieties

By Kurt Long, Co-Founder, BUNKR

Ransomware — a type of malware that encrypts victims’ personal systems and blocks them from accessing their personal data until a payment is provided — had a historic year in 2023. According to a report published earlier this year by cybersecurity vendor Sophos, both the number of attacks conducted and the average size of payouts increased dramatically in 2023 from the year before. Heading into 2024, cybercriminals will no doubt continue to go after soft, high-value victims as well as leverage AI into their ransomware entry points for tougher, more well-protected targets. As noted by Sophos, this will be done to keep the number of paydays and the size of payouts on an upward trajectory. Standard protections for widely used platforms and security awareness training for personnel will struggle to keep pace with cybercriminals’ AI-abetted sophistication. Because day-to-day tools such as email, texts, and mobile phones were designed to facilitate open communications rather than conduct secure affairs, cybersecurity awareness will likely struggle to keep pace with the complexities of AI devised for cybercriminal purposes. If this does not become a major, society-wide problem in 2024, it inevitably will within a few short years.

Per Sophos’s findings, 40% of ransomware payouts in 2023 cost the victims $1 million or more. This represents a nearly four-fold increase from 2022, when only 11% of ransomware attacks demanded seven figures or more. The intensification seen over the past year represents a massive escalation from the rates of ransomware damages seen between 2018 and 2020. As noted in a recent Forbes spotlight on cybersecurity, a U.S. Senate Committee on Homeland Security & Governmental Affairs report found that there was “a 65.7 percent increase in victim count and a staggering 705 percent increase in adjusted losses," according to data aggregated from the FBI within that time span. Considering that the rise in cybercrime’s frequency and severity has been an ongoing concern for several years now, there is no reason to assume that there’s an upper limit to how pervasive this problem can become.

The ripple effects of a ransomware attack can stretch far beyond the immediate financial damages they cause; ransomware is a gravy train that cybercriminals will ride for as long as they can, and as AI continues to rapidly advance, it’ll inevitably prove to be a substantial asset for malicious actors.

Because these ransomware attacks are effectively digital extortion, cybercriminals prefer to target big businesses as that’s where the money is. This could be seen recently with the cyberattack against MGM Resorts International, which ultimately took a $100 million toll on the international gambling firm’s third-quarter results. Even so, small and medium-sized businesses can make for softer, if less attractive, targets because their information security posture is generally less sophisticated. Several opportunistic campaigns have been conducted against smaller organizations as of late, with many churches and religious organizations experiencing a disturbingly high proportion of cybercrime in 2023.

Not-for-profit entities of all kinds are also particularly vulnerable. If you are connected to the Internet and your personal protections are lacking, cybercriminals will eventually find you through one avenue or another. Highly visible individuals and families — including government officials, ultra-high-net-worth families, celebrities, and business executives — should be prepared to deal with ransomware attacks and begin implementing good digital hygiene practices. Likewise, because cybercriminals can leverage an individual compromise into a broader-scale ransomware takeover of a targeted business or organization, all the more reason for a collective focus and re-emphasis on the shared need for thorough cybersecurity.

Since a universally high standard for digital security has yet to be put into place, social engineering attacks in which cybercriminals gain comprehensive access to systems in order to conduct ransomware insertion will continue until organizations and individuals address poor password management and tighten these controls. Because they provide accessible entry points for ransomware insertion, imposter attacks through email, text, and social media messengers like WhatsApp have proven to be a widespread issue. Backups of all critical systems are essential on platforms like these and others so that there is a recovery protocol to counter against ransomware attacks. It is crucial that patch levels are kept up on all systems, as a single vulnerability within an application, operating system, or security system will be brutally and quickly exploited by cybercriminals once word of it gets out. As reported by TechCrunch, several entities including multinational companies like Shell and the multibillion-dollar First Merchants Bank were hacked earlier this year. The breach followed the discovery of a security flaw in the MOVEit file transfer tool used by the various affected organizations. Despite any protections the victims may have had in place, cybercriminals were able to access sensitive information in their possession due to a glaring oversight in an inconspicuous place. This kind of occurrence is hardly an outlier: the September cyberattack on Las Vegas casino giant Caesars Entertainment alone left more than 41,000 Maine residents’ personal details in the hands of criminals.

While cybersecurity awareness training for the general public is very important, it can only go so far and accomplish so much. Our cybercriminal adversaries are dedicated, motivated, getting more sophisticated all the time, and only need to identify a single weak link to cause havoc. Our systems and tools must be more secure than they currently are if this threat is going to be addressed properly.

Next we will take a look at how cybercriminals will use AI against the public.

It has been great catching up with world-class information security professionals in the last weeks like Jim McConnell and Mark Daniel Bowling . Always amazing to have access to our BUNKR Information Security Advisors when putting this analysis together.

Follow BUNKR on Instagram @BUNKR.Life, on ‘X’ @BUNKR_Life and on LinkedIn @BUNKR or visit our web site at bunkr.life