Ransomware Attacks Hit All-Time Highs
Travelers today released its Q4 2024 Cyber Threat Report, revealing an unprecedented surge in ransomware attacks. The report highlights that ransomware operators have shifted tactics from mass-scale exploits to more repeatable attack methods.
According to the report, 1,663 victims were posted on leak sites in Q4 2024, marking a 32% increase from Q3 and setting a new record. November saw the most activity, with 629 attacks, followed by a drop to 516 in December. Over the year, 5,243 victims were posted on leak sites. That represents a 15% rise from 2023.
Despite increased attacks, ransomware revenue fell by 35% to $813 million as more organizations refused to pay. However, costs from business disruption, IT recovery, and regulatory fines remained high.
A Shift Toward Repeatable Attack Methods
Unlike previous spikes in ransomware, Q4 2024 saw fewer mass-scale vulnerability exploits. Recently, attackers focused on predictable and repeatable methods, such as targeting weak VPN credentials. A leaked ransomware training playbook from mid-2023 outlined this strategy. Among the advice it offers; hackers should search for default usernames and use common password combinations rather than waiting for new software vulnerabilities. These tactics were successfully applied at scale, allowing ransomware groups to operate with greater success.
Nation-State Support for Ransomware Groups
The report also highlights growing nation-state involvement in ransomware operations. Pioneer Kitten, “a nation-state cyber” actor, collaborated with ransomware organizations, selling access to compromised networks and assisting in encryption processes.
CISA linked Jumpy Pisces, a nation-state threat actor, to the Play ransomware group. Additionally, Google Threat Intelligence and OpenAI reported increased use of AI tools by state-sponsored hackers for reconnaissance, phishing campaigns, and malware development.
Ransomware Groups Evolving Rapidly
The ransomware landscape shifted dramatically in 2024. Leading groups included:
- RansomHub, 238 attacks.
- Akira, 133 attacks.
- Play, 95 attacks.
Additionally, 55 new ransomware groups emerged, a 67% increase compared to 2023.
Targeted Industries and Rising Threats
IT services and consulting firms were among the most targeted sectors in 2024. These businesses connect to multiple clients, making them high-value ransomware targets.
The construction industry saw a 56% increase in attacks, with 129 incidents in Q4 alone. Healthcare organizations remained vulnerable, with attacks rising from 166 in 2023 to 210 in 2024. Law firms and financial services also faced growing threats.
Cybersecurity Recommendations
The report emphasizes the need for stronger cybersecurity measures, including:
- Implementing phishing-resistant multi-factor authentication (MFA) for remote access and email.
- Running vulnerability management programs. This facilitates quicker patching of critical security flaws, particularly in VPNs.
- Maintaining reliable backups and ensuring resilient disaster recovery and business continuity plans.
- Deploying endpoint detection and response (EDR) solutions with 24/7 monitoring.
Looking Ahead
The Q4 2024 ransomware surge proves cyber threats are only getting smarter. Hackers are refining tactics. Nation-state support is growing. Businesses must act now. Strong cybersecurity is no longer optional. Proactive defense is the only way to stay ahead.
Other News: Global Ransomware Attacks Surge in Q2 2024: Corvus Insurance Report(Opens in a new browser tab)
