Ransomware Attacks Rise Again: What’s Fueling the Surge?
Ransomware attacks are rising sharply again, with ex-RaaS groups like Lockbit leading the charge. This article explores the factors fueling the resurgence and provides essential security insights and best practices for defending your organization.
2024-01-19
Ransomware attacks rise again: Key factors behind the resurgence
In 2024, the number of ransomware attacks is climbing again after a brief decline, with Lockbit, Hiveleaks, and BlackBasta leading the charge. According to NCC Group, which actively monitors leak sites to collect attack data, Lockbit alone executed 62 attacks in July. Since June, Hiveleaks has recorded a staggering 440% increase and BlackBasta a 50% increase. Why are we seeing such a rapid rise in ransomware incidents, and what should organizations do to protect themselves?
1. Ransomware-as-a-Service (RaaS) resurgence
Ex-Ransomware-as-a-Service (RaaS) groups are back in the game, and many have adapted their models to become more difficult for organizations to defend against. RaaS groups like Lockbit 3.0 have updated their ransomware packages, providing them to affiliates who launch attacks for a cut of the profits.
This decentralized business model means even small-time hackers can execute sophisticated attacks. For instance, Lockbit’s model helped it conduct ten times more attacks in July than in December. If attackers can use updated ransomware with a low technical barrier, it’s clear why the RaaS ecosystem has gained renewed momentum.
2. Increased reliance on leak sites and data monetization
Ransomware groups have refined their methods for monetizing stolen data. Leak sites have become crucial to their extortion methods, often creating more pressure for victims to pay. By threatening to publish sensitive information, attackers force companies to consider the reputational and financial repercussions of data leaks.
NCC Group’s data collection from these leak sites illustrates how integral they have become. If the ransom is unpaid, the attackers release the data publicly, which amplifies the risk of regulatory penalties for businesses and increases payout rates. This tactic has quickly become a primary way for ransomware groups to turn breached data into profits.
3. Double and triple extortion tactics
A sharp rise in double and triple extortion tactics has made ransomware attacks more potent. In double extortion, attackers encrypt data and threaten to release it publicly. In triple extortion, attackers increase pressure by contacting clients or suppliers of the breached organization. This expanded extortion approach increases the likelihood of payouts, motivating ransomware groups to push for even greater intensity in their operations.
4. Exploiting supply chain and third-party vulnerabilities
In the face of heightened security measures, ransomware groups have turned their focus to supply chain vulnerabilities. Attackers increasingly target third-party vendors or partners with weak security practices, which often serve as backdoor entry points to larger companies. This tactic has proven successful for groups like BlackBasta and Hiveleaks, both of which saw significant growth in July by leveraging these alternative entry points.
5. Advanced automation and AI in attacks
Incorporating AI and automation, ransomware groups are enhancing the precision and speed of attacks. With AI-driven scanning and automated vulnerability detection, ransomware groups can pinpoint the most vulnerable organizations quickly, enabling them to launch more attacks simultaneously.
This technology-driven approach has led to unprecedented growth for groups like Lockbit, which are now executing large-scale attacks that evade traditional security measures.
6. Law enforcement challenges and international factors
Many ransomware groups operate from countries with limited law enforcement collaboration, giving them freedom to operate with little interference. As ransomware groups have become highly organized and resourceful, they continue to evade capture, especially in jurisdictions with minimal regulation of cybercrime.
This lack of enforcement allows groups like Lockbit, Hiveleaks, and others to act boldly and remain active players in the ransomware landscape.
7. Competition among cybercrime groups
Ransomware groups are not only targeting organizations; they’re competing with each other for dominance. Hiveleaks and BlackBasta, with attack rate increases of 440% and 50% respectively, have ramped up operations in response to Lockbit’s aggressive tactics. As each group works to establish dominance, the outcome is a sharp increase in attack rates across the board.
This competitive dynamic further incentivizes groups to develop unique attack methods and escalate their efforts, putting organizations at heightened risk of ransomware attacks.
How can organizations defend themselves?
The recent surge in ransomware attacks signals the need for a multi-faceted defense strategy. Organizations can take several steps to protect themselves against the escalating threat:
- Implement multi-layered security protocols that cover both internal and third-party access points.
- Train employees regularly with security awareness training to detect phishing and ransomware attempts.
- Back up data frequently and test restore capabilities to mitigate damage in case of a successful attack.
- Invest in incident response planning to contain breaches before they escalate.
With robust cybersecurity practices in place, businesses can reduce their vulnerability and respond effectively to ransomware attacks.
Editor's Note: This blog was updated on November 15, 2024.