Ransomware remains one of the biggest cybersecurity threats impacting businesses in 2024. From high-profile breaches like the infamous WannaCry cyber attack and last year’s MOVEit breach to devastating attacks on the healthcare and industrial sectors, it continues to wreak havoc on organizations worldwide.
With the number of known cases increasing by 73% in 2023, the threat of ransomware attacks has never been higher. And while organizations are now aware of the real threat of ransomware attacks in 2024, it is still far from a waning threat. In fact, according to experts, it’s entering its golden age.
So what can organizations do to keep themselves safe from this evolving threat? Ahead of Anti-Ransomware Day on May 12, we spoke to 9 cybersecurity experts to learn why ransomware continues to be a major threat in 2024.
What is Anti-Ransomware Day?
Anti-Ransomware Day is an annual event celebrated on May 12th that is dedicated to raising awareness about the threats posed by ransomware and promoting best practices to defend against these attacks. It’s an opportunity to learn more about ransomware and how to protect yourself from it.
Ransomware is a type of malware that encrypts a victim's files, making them inaccessible. The attackers then demand a ransom payment in exchange for a decryption key. Ransomware attacks can be devastating for individuals and businesses alike, causing data loss, financial disruption, and reputational damage.
Anti-Ransomware Day serves as a reminder to take steps to protect yourself from these attacks. It encourages organizations and individuals all over the world to follow crucial security practices: regularly backing up their data, using strong passwords, keeping software up to date, being cautious about opening attachments or clicking on links in emails from unknown senders, and having a good security solution in place.
Why is Anti-Ransomware Day still important in 2024?
One of the biggest challenges in the fight against ransomware is that even as new security practices and tools are developed, threat actors are developing ever more sophisticated attacks and ways of working. Awareness of the risk is greater than ever – but that doesn’t mean that organisations are better equipped to deal with it.
“Over the last year or so, the continuing threat of ransomware has been underscored by high-profile attacks such as the exploitation of the MOVEit vulnerability by the CL0P ransomware group - which had targets including British Airways and the BBC - and attacks on the British Library, the Guardian and the Royal Mail,” points out Nick Palmer, Solutions Engineer at Censys.
“The recent ESXiArgs ransomware attack further highlighted the scale of risk, as it targeted VMware ESXi servers worldwide in swiftly growing numbers. Censys data revealed there were at least 2,400 compromised devices worldwide and that the ransomware continued to evolve in direct response to attempts to remediate it.”
“Initially, ransomware attacks were straightforward, employing a single-stage approach: encrypting data and demanding payment for its release,” adds Chris Denbigh-White, CSO, Next DLP. “In response, information security professionals advocated for robust backup systems to mitigate potential disruptions caused by widespread data encryption.
“More recently, ransomware gangs have escalated their tactics further by engaging in multifaceted attacks involving encrypting and exfiltrating data and leveraging this information to coerce victims into compliance. This advanced attack level extends to disclosing the breach to victims’ customers and regulatory bodies if ransom demands are not met, thus extending the ultimatum to ‘pay us or we will release your data AND report you!’”
Lorri Janssen-Anessi, Director of External Cyber Assessments at BlueVoyant, also warned about the "tightening grip" of ransomware in 2024, noting that recent advancements in AI are only escalating the risk of cyber threats.
"With Generative AI tools being used to enact increasingly sophisticated and frequent attacks, companies must take a proactive approach to preventing ransomware. “Good enough” is no longer good enough," said Janssen-Anessi.
"AI can be used to make social engineering attacks, like phishing, more convincing, making it more likely that employees may fall for scams that download malware, which could lead to your enterprise being ransomed. AI also improves efficiency of scanning for vulnerable systems with malicious intent, to help find companies that may be vulnerable to ransomware."
Building a defence against ransomware
While many organizations understand the real threat of ransomware attacks, many still struggle to build robust security defences against them due to the evolving sophistication of cyber attacks.
“Due to the increasing sophistication and success of cybercriminals, organisations can no longer afford to simply meet the basic security requirements,” argues Darren Thomson, Field CTO EMEAI at Commvault.
He continues: “Staying protected against these threats is much more than building taller walls or deeper moats – organisations need to achieve enterprise-grade cyber resilience to be able to withstand whatever is thrown its way. Anomaly detection and early warning systems are essential to this. Knowing as soon as something out of the ordinary is happening within your systems enables security teams to isolate the environment and stop malware in its tracks before it has the opportunity to encrypt, steal or remove access to critical datasets and systems.”
It’s also vital that organisations tailor their security to their specific needs. For example, Moshe Weis, CISO at Aqua Security, points to the risks of cloud-native environments “where the attack surface is expansive, and the potential impact is heightened. The dynamic nature of cloud infrastructures, coupled with the proliferation of remote work and personal devices, presents new challenges in defending against ransomware attacks.”
He adds: “In response to this evolving threat landscape, we recommend prioritising the adoption of proactive measures and robust defence strategies tailored to cloud-native environments. This includes deploying advanced endpoint protection solutions integrated with Secure Access Service Edge (SASE) capabilities, implementing micro-segmentation and network segmentation to limit the lateral movement of ransomware, ensuring regular data backups stored securely in cloud repositories, and conducting comprehensive employee training and awareness programs.”
An additional challenge in the collective fight against ransomware is a fragmented approach. “If one organisation then develops a technique for detecting a specific form of malware, this is invaluable information for many other IT security teams,” outlines Jason Keirstead, Vice President of Collective Defense at Cyware. “But, this valuable insight is rarely shared outside of the organisation that discovered it. This gives attackers a huge advantage because the one thing they have in their arsenal that security teams often don’t have is a collaborative approach.
“But it doesn’t need to be this way. By adopting a collective cyber defence strategy, organisations can collaborate internally within teams, and externally across industries to share this valuable insight and defend against cyber threats including ransomware. There are many ways to achieve this collaborative approach. One helpful tool is what’s known as a Cyber Fusion Centre - a model that unites all security functions, including threat intelligence, security automation, threat response, security orchestration, and incident response, in one cohesive whole, allowing real-time collaboration and the easy exchange of knowledge.”
Anti-Ransomware Day: Looking to the future
So what will the fight against ransomware look like over the next few years? As in most areas of technology, it’s likely that AI will have a major impact, making attacks much more sophisticated while lowering the barriers to cybercrime.
Martin Simpson, Principal at Node4 Security Practice, believes “AI will be at the heart of providing defences against malware and ransomware specifically, whether it be used to enhance and automate an organisation’s threat identification and reposition its defensive posture or respond to a live event through terminating services under attack and preventing the proliferation of the malware.”
However, others sound a note of warning. “There is no denying that attackers are getting more dynamic and creative in their attempts to infiltrate businesses,” argues Andy Swift, Technical Director of Offensive Security at Six Degrees.
“Generative AI is only going to speed this up as ransomware developers abuse the technology to help turn new code around faster. No business is immune to attack and this makes resilience equally as vital as threat detection and prevention. Organisations must ensure they have enhanced data protection through authenticated data access, data encryption, and solid data backup solutions. And this requirement should extend through their suppliers and partners - using zero trust practices, least privilege access, and boundary controls all the way down the supply chain.”
Another potential evolution in the fight against ransomware could be the introduction of a ransomware payments ban in some countries. “The pros of banning ransomware payments are that it removes an incentive for criminal activity and is a morally sound choice,” outlines Laurie Mercer, Security Architect at HackerOne.
“The cons are that in the short term, this will result in an increase in data breaches, PII leaks, and the destruction of hardware and software assets when the payment demands are not met. The reality is that whilst the UK is a leader in the cyber security industry, many many organisations lack the resources to defend against these attacks.
“One way to offset the risk of ransomware attacks is to counteract the ransomware incentive model for a vulnerability rewards incentive model. Public bug bounty programs incentivise white hat hackers to highlight gaps in your defences that can be exploited by ransomware gangs. To stop yourself from being hacked, you might need to work with hackers.”
Ultimately, it’s clear that ransomware will remain one of the most significant threats organisations face. Whether or not a payments ban is implemented, continually investing in first-class security tools and integrating security practices across an organisation is a must.