Ransomware attacks hit record levels in 2024 despite law enforcement crackdowns

midian182

Why it matters: There have been several incidents of authorities shutting down major ransomware operations this year, including the seizing and disruption of LockBit. As such, you'd be forgiven for thinking that ransomware is declining, but it's not. According to an expert, 2024 is set to be another record-breaking year for this type of malware, with victims handing over more money than ever before.

Allan Liska, a threat intelligence analyst at cybersecurity firm Recorded Future, spoke to TechCrunch about the depressing state of ransomware in 2024.

"The curve is going to flatten a little bit, which I guess is good news. But a record-breaking year is still a record-breaking year," Liska told the publication. "We've also this year, for the first time that I'm aware of, had four eight-figure ransoms paid."

In February, UnitedHealth-owned health tech company Change Healthcare suffered a security incident that was later confirmed to be the work of an affiliate of Russian ransomware gang ALPHV, aka BlackCat, which stole the medical data of at least 100 million Americans. UnitedHealth paid the gang $22 million, one of the eight-figure ransoms Liska mentioned.

Ransomware attacks are usually associated with gangs encrypting a target's systems, preventing access until money for a decryption key is paid. However, Liska says there's been a rise in data-theft-only attacks this year, up 30% in 2024.

"A lot of the newer threat actors just don't want to deal with encryption, decryption, or anything like that," he said.

In February, law enforcement agencies from 12 countries came together in a joint operation that saw the LockBit ransomware website taken down, the seizure of servers critical for the group's infrastructure, and the arrest of several gang members, including one while he was vacationing outside of Russia. Ransomware gang Radar (aka Dispossessor) also had its servers seized by the FBI.

Despite these victories, Secureworks revealed this week that there has been a 30% year-over-year rise in active ransomware groups this year, with 31 new groups appearing.

Law enforcement agencies usually advise victims not to pay ransomware gangs as there's no guarantee they will hand over/decrypt the data, but it still happens. White House cyber boss Anne Neuberger suggested a way to stop this was to ban insurance company policies that cover reimbursement of ransomware payments.

Liska previously stated that banning payments wasn't the answer, but with eight-figure ransom payments incentivizing more attacks, he now believes it may be necessary. "My answer is: ban ransom payments, which is a terrible solution, but it may be the least-bad solution that we have," he said.


 
People keep paying to cyber-terrorists, things are guaranteed to turn for the worse.
 
The ban will only be effective if it's directed to banks, bit coins, credit cards, gift card distributors, etc. That way there is no way of getting around it so there is no source of revenue AND the Govt must remain strong, no matter the protests. It's the only way to starve them out. The other measure would be to publicly identify the country that is the source and starve THEM out as well and collectively give them 30 days to capture and surrender the offenders. If they don't, block all access around the world so they can only communicate with their fellow thieves .... then let's see how long they last once they start stealing from each other!
 
"Law enforcement crackdowns"

Always loved this term. Without getting too into my views, I'll make a statement and leave it at that.

Crime is a symptom of bigger societal problems. Fix the societal problems and crime goes away then law enforcement becomes nearly unnecessary.
 
"Law enforcement crackdowns"

Always loved this term. Without getting too into my views, I'll make a statement and leave it at that.

Crime is a symptom of bigger societal problems. Fix the societal problems and crime goes away then law enforcement becomes nearly unnecessary.
How do you fix the societal problems by employing a toothless fang philosophy like the FCC does?
 
How do you fix the societal problems by employing a toothless fang philosophy like the FCC does?
Considering the war on drugs and prohibition is what put money in the hands of cartels to the point of them being more heavily armed than many militaries, it would seem that the militarization of the police came AFTER the social policies. Perhaps if we implement policies that compromise the group's ability to finance themselves then it won't be profitable for them to commit malware attacks. The "toothed fang" policy you're talking about has only led to more crime. So while justice does need to be served, this is making the problem worse.

We (The USA) have had this "tough on crime" policy for 50 years. Maybe it's time for a different approach?
 
If you take all the wasted money on political campaigns, you could do an informative campaign to:
1. Share info on how to avoid ransomware
2. Encourage people to not pay the ransom
 
If you take all the wasted money on political campaigns, you could do an informative campaign to:
1. Share info on how to avoid ransomware
2. Encourage people to not pay the ransom
or you could just, you know, have security backups and staff trained to wipe and reinstall images of drives. The #1 fight against ransomware attacks is PREPARATION. Have multiple backups and a plan to restore all computers in the event of a ransomware attack with said backups. It's not even like you have to back up every computer a company with 1000 computers has. Most are just terminals that you log into. You just back up a few databases every day and then you can just format and load an image on the "terminals".

Hell, most of those "terminals" can have an image loaded onto them over the network.

sudo dd if=/backups/backup.img bs=4M | ssh root@network_address_of_companyPC "dd of=/dev/sda bs=4M"

Make a bash file to wipe all systems at once; it would take me less than an hour as long as I had proper backups, and making backups can also be automated. It's really not that hard.
 
"Law enforcement crackdowns"

Always loved this term. Without getting too into my views, I'll make a statement and leave it at that.

Crime is a symptom of bigger societal problems. Fix the societal problems and crime goes away then law enforcement becomes nearly unnecessary.

Aren't most of these cyber attacks coming from criminals in other countries? How is the US supposed to "fix" the societal problems Russia, China, India, North Korea, etc have? Of course, law enforcement too has limits on what they can do; not every cyber criminal will be dumb enough to vacation outside of their home country like that one Russian guy the article mentions. And trying to sanction countries that host these sorts of criminals has its limits as well (I mean Russia & North Korea are already being heavily sanctioned for other reasons).
 
Also, while having good backups keeps cryptographical locking from being a huge threat, plenty of criminal organizations will also download whatever data they can, and threaten to release sensitive material unless the ransom material is paid. Backups don't help you there.
 
Also, while having good backups keeps cryptographical locking from being a huge threat, plenty of criminal organizations will also download whatever data they can, and threaten to release sensitive material unless the ransom material is paid. Backups don't help you there.
Don't leave information capable of blackmail unencrypted? That one seems pretty obvious. People who don't see that as obvious should not be in charge of all that data. The worst part is that all of this has been able to be automated for 30 years.

Also, paying the ransom does not guarantee that that ransomer will delete their data or have a backup of it.
 
Why can't these companies use image software to back up their data? Then, just reinstall if compromised.
 