2024 looks set to be the highest-grossing year yet for ransomware gangs, due - in no small part - to emboldened cybercriminals causing costly disruption at larger companies.
The so-called 'big-game hunting' cyberattacks which target larger, higher-value organisations have contributed to US $459.8 million paid to cybercriminals in the six months of 2024, according to a report by the cryptocurrency research firm Chainalysis. Although the rise in money criminals have generated through ransomware has risen by what may appear to be a small percentage amount (approximately 2% from US $449.1 million to US $459.8 million), this is in spite of disruption caused to ransomware-as-a-service operations such as LockBit and ALPHV/BlackCat by law enforcement agencies. The figures for the first half of 2024 include the US $75 million reportedly paid to the Dark Angels ransomware gang by an undisclosed Fortune 50 company, in what was believed to be the largest ever single ransom payment made since records began.
The ballooning size of maximum ransom payments represents a 96% year-on-year growth from 2023, and a 335% increase from the maximum payment made in 2022.
Chainalysis's research reveals that the median ransom payment made in response to the most severe ransomware has rocketed from just under US $200,000 in early 2023 to US $1.5 million by mid-June 2024.
The researchers believe that this 7.9x increase in the typical size of ransom payment (a nearly 1200x rise since the start of 2021) suggests that larger businesses and critical infrastructure providers considered more likely to agree to make higher payments due to their greater access to funds and the more significant impact of downtime.
Against this backdrop, the study claims that ransomware victims are giving in to extortion demands less often. As it explains:
Posts to ransomware leak sites as a measure of ransomware incidents have increased YoY by 10%, something we would expect to see if more victims were being compromised. However, total ransomware payment events as measured on-chain have declined YoY by 27.29%. Reading these two trends in tandem suggests that while attacks might be up so far this year, payment rates are down YoY. This is a positive sign for the ecosystem signalling that perhaps victims are better prepared, negating the need to pay.
In short, ensuring that your organisation had prepared to respond to a ransomware attack is essential.
Many organisations underestimate the importance of having a robust incident response plan. But knowing how to respond, especially in those critical first 48 hours after a cyber attack, can be critical.
Do you worry your company won't know how to recover after a cyber attack? Has your business just been hit by ransomware and you're wondering what to do?
There's still hope.
Don't make the mistake of believing that your organisation will never be targeted. The right approach is to take proactive measures in advance - as it's not a case of whether your business will suffer the likes of a ransomware attack but when.
Make sure to read Exponential-e's step-by-step guide on ransomware remediation.
Stay Informed
When you subscribe to the blog, we will send you an e-mail when there are new updates on the site so you wouldn't miss them.
About the author
Graham Cluley is an award-winning cybersecurity public speaker, podcaster, blogger, and analyst. He has been a well-known figure in the cybersecurity industry since the early 1990s when he worked as a programmer, writing the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows.
Since then he has been employed in senior roles by computer security companies such as Sophos and McAfee.
Graham Cluley has given talks about cybersecurity for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.
Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.