In 2024, there was a notable rise in the skills, assertiveness, and unpredictability of ransomware assailants. Almost all the major statistics have increased — more ransomware factions, larger targets, and higher payouts. Criminal ransomware syndicates also target vital infrastructure and supply chains, escalating the risks for victims and intensifying the incentive to collaborate.
Let’s explore the most significant ransomware narratives of 2024.
Record levels of ransomware remittances
Ransomware remittances hit unprecedented levels in 2024. In the initial half of the year, victims handed over a staggering $459.8 million to cyber perpetrators. The largest disclosed ransom fee ever was $75 million, paid to the Dark Angels ransomware faction by an undisclosed Fortune 50 corporation.
Moreover, the median ransom payout skyrocketed from less than $199 thousand in early 2023 to $1.5 million by June 2024. The average sum demanded in 2024 also observed a substantial rise, reaching $2.73 million, nearly $1 million more than in 2023.
Despite these record-breaking payouts, there was a 27.27% year-over-year decrease in the count of ransomware payment incidents. This implies that although fewer organizations submit to ransoms, those that do face significantly higher sums. The primary reason is that ransomware groups focus on larger organizations and providers of critical infrastructure, concentrating on high-profile assaults and yielding more substantial remittances.
Ransomware incursions impact healthcare systems
Ransomware incursions on healthcare entities surged dramatically in 2024, with 264 incidents documented in just the first three quarters. Approximately two-thirds (67%) of surveyed healthcare organizations disclosed being affected by ransomware assaults, up from 60% in 2023. The average ransom solicited per attack surpassed $5.2 million in the initial half of 2024, with certain high-profile cases demanding as much as $25 million. Recovery durations have also extended, with only 22% of victims fully recovering within a week, a decline from 47% in 2023.
Explore the Threat Intelligence Index
Starbucks affected by significant supply chain breach
Supply chain management software vendor Blue Yonder fell victim to a ransomware breach on November 21, 2024. The breach disrupted clients, including coffee behemoth Starbucks and its roughly 11,000 United States stores. Starbucks’ ability to schedule employees and monitor work hours was impacted, necessitating the tech-savvy company to resort to manual scheduling methods, affecting payroll operations. Blue Yonder is collaborating with external cybersecurity firms for investigation, yet as of November 25, the firm has yet to set a restoration timeline.
New ransomware cliques emerge despite crackdowns
This year witnessed a 30% surge year-over-year in the number of active ransomware gangs despite law enforcement interventions. Secureworks’ yearly State of the Threat Report divulges that 31 fresh groups joined the ecosystem in only 12 months. When one group, such as LockBit, is subdued by law enforcement, another, like RansomHub, emerges to fill the void. Authorities are engaged in a game of Whack-a-Mole.
Ransomware aggressors target U.S. harbors
Ransomware assaults on U.S. ports surged in 2024 both in frequency and sophistication. For example, the Port of Seattle suffered an attack in August, causing significant disruptions. The U.S. government responded decisively. In February 2024, President Biden signed an executive order broadening the U.S. Coast Guard’s jurisdiction to address cyber incidents in the maritime sector and demanding enhanced digital fortifications for port operators.
The necessity for cybersecurity has never been more critical. With ransomware factions’ heightened sophistication and capacity, defenders increasingly require AI threat detection and, indeed, AI cybersecurity solutions in general, alongside cybersecurity best practices throughout the organization.