Ransomware Remains the Biggest Threat
Category: News
Published: 9th December 2024
Ransomware remains a pervasive issue and will continue to grow as an attack vector in 2025. In the first three quarters of 2024, there were over 3,600 publicly reported ransomware victims, and this represents just a fraction considering that as many as 63% of ransomware victims are never publicly disclosed. Increasingly, attackers are targeting small and medium-sized enterprises (SMEs) rather than large, resource-rich organisations. With limited cyber security resources, SMEs are highly vulnerable, and cyber criminals see them as effective entry points into larger, connected organisations via their supply chains.
It is difficult to calculate the exact cost of ransomware as it varies per breach. Financial loss depends on the type of data encrypted/compromised, regulatory fines imposed, lost productivity in the aftermath of an attack, and the businesses’ long term reputational damage.
The average extortion demand rose to £4.1 million per attack in early 2024, fuelling the rise of Ransomware as a Service (RaaS). This approach enables ransomware developers to sell code or malware on the dark web. RaaS providers offer various subscription models, from monthly toolkits to profit-sharing arrangements, providing easy entry points for hackers with limited technical skills. This commodification is making ransomware accessible to a wider criminal base, increasing both the volume and complexity of attacks.
This proliferation presents significant challenges for attribution and mitigation. Because RaaS separates ransomware developers from those deploying attacks, identifying specific actors has also become more challenging. Since RaaS allows affiliates to switch tools if an operator is caught, the risk is distributed across a resilient network.
The interplay between users and unpatched environments are often the most common sources of ransomware attacks. Both factors often serve as entry points for attackers, making them critical vulnerabilities in an organisation’s defences. For example, if users operate in environments with outdated systems, the likelihood of successful exploitation increases significantly. Therefore, it is important organisations are prioritising these risks and have sufficient security measures to prevent ransomware.
Given the cost and difficulty of responding to ransomware attacks, preventive strategies are crucial. Regular patching, data backups, network segmentation, and up-to-date Endpoint Detection & Response (EDR) systems are essential. Organisations should also foster a culture of cyber security awareness through regular testing and training. In this high-risk environment, effective protection strategies will increasingly outweigh reactive measures like insurance, as these only address the aftermath rather than preventing breaches.