Ransomware 2024: The New Battleground is Your Data, Not Just Your Files

From Ransomware as a Service to brazen attacks on critical sectors, criminals forge ahead with innovation and aggression.

Ransomware Attack

Every year, cybercriminals devise new ways to steal credentials, access sensitive data, and disrupt business. In 2024, the most significant cybersecurity challenge may actually be overcoming a familiar threat: ransomware.

According to the World Economic Forum (WEF), ransomware activity was up 50% year-over-year during the first half of 2023, and that trend is expected to continue this year. Data from Statista indicates that more than 72% of businesses were affected by ransomware last year, and the cost of data breaches has increased by 15% over the past three years.

Driven by new technology, Ransomware–as–a–Service (RaaS) kits now make these attacks much easier and faster to deploy. There has been a simultaneous increase in the number of connected mobile devices and Internet of Things (IoT) implementations, which has expanded the attack surface. Artificial intelligence (AI) tools are helping criminals automate and accelerate attacks, while the shortage of cybersecurity experts remains a problem as well.

This has been profitable for ransomware gangs, which have extracted payments from an increasing number of victims – rising from 10% in 2019 to 54% in 2022, according to the WEF.

In addition, the attacks have become more brash, targeting critical infrastructure and healthcare providers. The ALPHV/BlackCat organization, for example, not only attacked the Leigh Valley Health Network and stole patient data, but the group also targeted individual patients with ransom demands by threatening to release clinical photos.

The same ransomware gang filed an SEC complaint against another victim (MeridianLink) when the company refused to pay its ransom, claiming it had failed to disclose its attack within the required time frame. (MeridianLink was actually in compliance.)

A Harvard Business Review article outlined several factors that helped fuel this increase in ransomware. First, cloud solutions are often misconfigured, with overly permissive access, unrestricted ports, and insufficient backup. Second, there was some complacency among companies that felt they had sufficient backup and other protections in place. Ransomware gangs have responded with more frequent attacks and extracting (rather than encrypting) data, then threatening to release it publicly. Finally, criminals are leveraging vendor relationships that allow supply chain or side-door attacks through less-protected third parties.

Clearly, ransomware isn’t going away any time soon. What can MSPs do? Even though ransomware gangs are employing new technology and tactics, the remedies remain the same:

  1. As the WEF pointed out in its report, early detection is critical to a multi-layered cybersecurity strategy.
  2. Deploying cybersecurity platforms that leverage AI can help automate detection efforts and even help MSPs and security experts predict zero-day attacks based on known vulnerabilities.
  3. MSPs and their clients must also increase awareness efforts – most successful breaches are traced to human error. Implementing routine training and cyberattack simulation technology can help keep employees up-to-speed on spotting these attacks.
  4. Companies need a multi-layered security approach that protects endpoints, networks, data, and applications (including cloud solutions). They must also deploy multi-factor authentication as a baseline, preferably using zero-trust approaches. Continuous monitoring via a 24/7 security operations center (SOC) is also increasingly necessary.
  5. Traditional strategies are also still essential. Ensure software is up to date, security patches are installed, and data is backed up according to best practices. If an attack occurs, it’s much easier to avoid paying the ransom and recover from it if you have a solid backup and recovery solution in place.

While ransomware awareness is higher than ever, and companies are spending more time and effort to avoid these attacks, criminals are increasing their efforts to steal data and obtain payments using new technology. By remaining vigilant and deploying the latest security tools with traditional training and best practices, MSPs and their clients can reduce the likelihood of a successful attack while ensuring a speedy recovery when (not if) there is a breach.