2024 will be a volatile year for cybersecurity as ransomware groups evolve

Hackers have significantly increased demands for ransomware, rising over 20% year-over-year to $600,000, according to Arctic Wolf.

Organizations are failing to patch their networks

And there are worrying signs that 2024 will be especially volatile, as ransomware groups expand their list of targets, and explore new pressure tactics in response to increasingly effective international law enforcement efforts and the growing momentum of refuse-to-pay initiatives.

“By helping to end cyber risk for thousands of customers around the globe, Arctic Wolf Labs has access to an unmatched amount of data that allows us to provide deep and differentiated insights about the cybercrime landscape for both security practitioners and business leaders alike,” said Mark Manglicmot, SVP of security services, Arctic Wolf.

Despite BEC incidents outnumbering ransomware incidents by a factor of 10, a ransomware incident is 15 times more likely than a BEC incident to lead to an incident response investigation.

Vulnerabilities first disclosed in 2022 or earlier continue to account for nearly 60% of incidents where the root cause was the exploitation of an externally accessible system.

Manufacturing, business services, and education/non-profit were the top three industries to appear on ransomware leak sites.

Ransomware groups shape evolving cybercrime landscape

In recent years, the cybercrime industry has matured and its constituent organizations — including ransomware groups — have grown more sophisticated. In the ransomware-as-a-service (RaaS) model that has emerged, RaaS operators offer technical resources (e.g., encryption software, leak sites) and branding to independent affiliates who perform the work of compromising and extorting victims — with the proceeds split between affiliates and the operators.

Today, the RaaS ecosystem and affiliate model allows practically any aspiring cybercriminal to participate in attacks, and double-extortion attacks, in which the attacker disrupts operations and threatens to publish exfiltrated data, are the norm. Plus, some ransomware groups and affiliates add additional elements of extortion by directly contacting individuals and organizations with
ties to victimized targets.

Meanwhile, remote or hybrid work arrangements are common, extending attack surfaces into home networks, coffee shops, and other locations beyond the control of an organization’s IT department. With an uptick in cloud services, more endpoints, unmanaged/BYO devices, and business operations transitioning from analog to digital platforms, stopping ransomware attacks with effective
prevention, detection, and response becomes more challenging by the day.

One of the most effective ways an organization can increase resilience to ransomware groups is to maintain proper backup practices. While backups don’t address the issues around data exfiltration, being able to restore business operations can buy your organization time and limit the ripple effects of the attack.

“The volume of cyber incidents continues to increase each year. As we enter 2024, the wide scale availability of AI tools has the potential to supercharge the ability of cybercriminals to successfully exploit vulnerabilities,” said Catherine Lyle, SVP of Cyber Claims & Incident Response at Tokio Marine HCC – Cyber & Professional Lines Group, a member of the Tokio Marine HCC group of companies based in Houston, Texas.