Ransomware has been a formidable threat to organizations for decades—the first variants of modern ransomware were seen in 2005, while cybercriminals were encrypting files and demanding ransoms as far back as 1989. The risks associated with ransomware attacks are diverse and complex, adding up to far more than just the financial cost of the ransom, even in cases where the target chooses to pay in the hopes of quickly recovering their data.
While organizations may assume they’re not at risk from ransomware attacks because they’re small and not a prime target, the reality is that ransomware can affect anyone. To protect against ransomware, organizations must understand the evolution of the ransomware threat landscape and the increasing risks of ransomware attacks.
The dangers of ransomware attacks go beyond the cost of paying a ransom and can impact any organization or individual directly or indirectly. The significant potential impacts of a ransomware attack include:
● Ransomware data from the United States Federal Bureau of Investigation’s Internet Crime Complaint Center (FBI IC3) shows that the median adjusted loss from ransomware and other extortion attacks in 2023 was more than $49 million. Reported losses increased by 74% between 2022 and 2023, from $34.3 million to $59.6 million.
● According to Verizon’s 2024 Data Breach Investigations Report (DBIR) found that 1/3 of all breaches involved ransomware or other extortion (9% were data exfiltration extortion only, and 23% involved ransomware deployments). While this is slightly less than the previous year, it is due to an increase in pure extortion attacks; pure extortion and ransomware combined make up nearly one in three data breaches.
● Ransomware impacts affected nearly two-thirds (66%) of organizations in 2023.
● Ransomware is a particularly potent threat in critical infrastructure and other essential industries, such as education, government, finance, law, and healthcare.
● Between 2022 and 2023, there has been an increase in the number of attacks being launched, the portion of targets paying ransoms (from 68% to 76%), lost revenue (from 56% to 62%), and reputational damage (from 43% to 48%).
● Almost one in five cyber insurance claims (19%) in the first half of 2023 were related to ransomware.
While ransomware has been a top threat for a while, the ransomware problem only continues to grow. The Verizon DBIR states that ransomware is a top threat across 92% of industries. Several phenomena characterize the growing ransomware problem:
● In 2023, 15% of breaches involved a third party, attacks that organizations could potentially mitigate by choosing trustworthy and secure vendors. This growth over previous years is due in part to an increase in software vulnerabilities and zero-day exploits for ransomware infiltration.
● Technologies like artificial intelligence empower ransomware actors by enabling more sophisticated phishing and social engineering attacks and automating time-consuming processes. This makes it easier for attackers to infiltrate targets and deploy malicious code.
● Ransomware-as-a-Service (RaaS) allows for quicker dissemination and deployment of ransomware, enabling threat actors without strong tech expertise to launch ransomware attacks. This lowers the bar for entry into the ransomware world.
● Despite the recent successes of law enforcement, ransomware attacks often have almost zero consequences for cybercriminals, and only a small number of attackers are ever caught. This incentivizes ransomware attacks by decreasing the risk profile for threat actors.
● The growth in popularity of cyber insurance has made it easier for organizations to pay ransoms, incentivizing attackers to launch ransomware attacks in search of hefty payouts.
With ransomware attacks and risks increasing, it is essential to look forward and gain insight into the progression of the threat landscape. Some projections for the continued evolution of ransomware attacks include:
● Bad actors will continue to develop more sophisticated attacks, mainly focused on new techniques to compromise supply chains for large extortion campaigns, attacks designed to evade known security measures, and straight data extortion attacks, which threaten the release of exfiltrated data without a ransomware payload.
● Attackers will shift from ransomware payload to data monetization, targeting more cloud environments and VPN infrastructure. They will also increase investments in discovering zero-day vulnerabilities to reduce dependence on access brokers.
● Geopolitical concerns will remain potent in ransomware attacks, which have a dual purpose of enriching the attackers and furthering the geopolitical goals of adversarial nations.
Staying in the loop on ransomware news, threat trends, and the digital landscape is crucial for organizations to avoid the risks associated with ransomware attacks. Increasingly sophisticated attacks using advanced technologies put organizations and their data, customers, and resources at risk from ransomware attackers. Using similarly advanced tools and tactics is the only effective defense against ransomware attacks, and organizations are encouraged to look into vendors and partners to ensure that they are reliable and prioritize security.