Ransomware is rapidly becoming one of the most profitable areas in cybercrime, with 2024 projected to be a record-breaking year in ransom demands and payments.
In a recent interview, Allan Liska, a senior threat intelligence analyst at Recorded Future, explained that despite some recent wins by law enforcement, ransomware gangs are thriving, adopting new tactics and increasingly targeting sensitive data rather than encrypting systems.
Liska projects cybercriminals will continue to exploit gaps in defense systems, making off with huge sums through tactics that are less complicated and often harder to combat.
Eight-figure ransoms, like the unprecedented $22 million that Change Healthcare paid to the Russian ransomware group ALPHV, have become a notable feature in this high-stakes arena, signaling a shift toward more aggressive financial demands and new levels of impact on victims. In some cases, he noted, the aggression extends beyond cyberspace, as cybercriminals use in-person or other high-pressure tactics to coerce payments.
This escalation, paired with an increase in data-theft-only attacks — which rose over 30% this year — points to an environment where ransomware remains lucrative and challenging to counter. Despite multiple wins by global law enforcement, Liska told TechCrunch, “A record-breaking year is still a record-breaking year, and it’s clear that attackers feel emboldened despite the risks.”
Why It Matters: Liska’s insights underscore the complexities of addressing ransomware as it becomes more profitable, aggressive, and technically adaptable. His analysis sheds light on the security risks posed by newer, highly motivated cyber actors and the shifting tactics within ransomware that make it increasingly difficult to combat. As businesses, institutions, and individuals face evolving tactics from data theft to direct intimidation, the need for effective, adaptable cybersecurity measures becomes essential to defending against these dynamic and damaging threats.
- Record Ransom Payments Expected: With numerous eight-figure ransom payments seen in 2023, including Change Healthcare’s $22 million payout, 2024 is on track to break records in ransom demands, suggesting that the financial stakes of ransomware continue to rise.
- Data Theft Over Encryption: Many cybercriminals are moving away from traditional system encryption to focus on data theft, which is simpler and often just as profitable. According to Liska, these types of attacks have increased over 30% this year, indicating a significant shift in ransomware strategy.
- Increased Aggression from Younger Cyber Groups: Younger cyber actors, including groups like Scattered Spider, have adopted high-pressure tactics, even using real-world intimidation to secure payments from victims, illustrating a trend toward more confrontational approaches.
- Financial Incentive Models Drive Escalation: Despite multiple law enforcement takedowns, eight-figure ransom payments continue to encourage cybercriminals. Liska argues that without significant changes in how ransom payments are handled, attackers may see little reason to scale back their operations.