Ransomware Attacks Surge Again in 2024
Ransomware attacks rose nearly 20% in 2024, according to At-Bay’s newly released 2025 InsurSec Report. The severity of these attacks also jumped 13%. The report, grounded in real claims data, shows the digital battlefield is getting riskier, especially for mid-sized businesses.
Companies earning between $25 million and $100 million were hit hardest. They experienced a 46% increase in ransomware incidents and a 47% surge in losses. Ransomware returned to 2021 levels, driven by both direct and third-party attacks.

Remote Access Tools: A Major Cybercriminal Magnet
The majority—80%—of ransomware attacks began with remote access tools like VPNs and Remote Desktop Protocol (RDP). VPNs alone were linked to two-thirds of all attacks. Adam Tyra, At-Bay’s CISO for Customers, warned that companies using outdated remote tools are painting targets on themselves.
These legacy tools often come with unpatched vulnerabilities. Once exploited, attackers can move quickly and quietly inside the network, deploying ransomware before the victim can react.
Third-Party Risk Escalates With 43% Jump in Claims
A significant shift emerged in 2024: businesses suffered more from their vendors’ cybersecurity failures. Claims from third-party incidents rose by 43%, with average losses soaring 72% to $241,000.
The CDK Global ransomware attack, which disrupted 15,000 North American auto dealers, highlighted this danger. Even if a company’s own system is secure, partners may expose them to risk.
Email Remains the Entry Point for Cybercriminals
Email has remained attackers’ most-used channel, responsible for 43% of all cyber claims. It was behind 83% of financial fraud incidents. Generative AI now helps criminals craft polished, convincing messages, making attacks more effective and harder to detect.
Unlike ransomware, which most often starts with remote access tools, email-led attacks focus on deceiving employees directly. Victims often don’t notice until it’s too late.
Financial Fraud Is Still the Top Threat
Financial fraud accounted for one-third of all claims in 2024. Although ransomware gets headlines, fraud is more frequent. The average loss from fraud hit $268,000, with one case topping $5 million.
Mid-sized companies again bore the brunt, experiencing a 20% increase in incidents. These businesses are big enough to be targets but not always equipped with strong financial controls to catch scams.
Ransom Demands Grow, But Few Pay Up
The average ransomware demand hit $957,000 in 2024. However, only 31% of companies paid, and those who did negotiated down to an average of $317,000. Still, these events often bring higher costs—like business shutdowns and lawsuits.
At-Bay helped its customers recover $49 million from financial fraud losses and avoid paying $146 million in ransoms.
Criminal Groups Multiply and Get More Aggressive
In 2024, At-Bay identified 47 different ransomware groups, three times more than in 2021. With more groups, there’s less trust. Attackers are less likely to honor deals or return data. This uncertainty drives up costs and panic.
These groups now use tactics like double extortion: encrypting data and threatening to leak it. Some groups, like Black Basta, have tools that exploit known remote access weaknesses, making their attacks more efficient.
Future Outlook: Worse Before It Gets Better
The end of the Ukraine war may unleash a new wave of cyber talent, some of whom were trained during the conflict. With U.S. government cyber operations pulling back, the private sector will play a more significant role in defense.
At-Bay warns that the cyber threat landscape will get more crowded and more dangerous. Businesses that delay upgrading their systems or tightening their third-party relationships may find themselves under siege.
Ransomware as a Leaky Faucet: Plain Talk for Real Folks
Think of ransomware like a leaky faucet in an old house. You know it’s dripping, but you wait to fix it—until the pipe bursts and floods the kitchen. That’s how remote access tools like VPNs are functioning in today’s cyber world. They’re old, leaky, and leaving businesses soaked with losses.