Amid intensifying geopolitical tensions, ransomware attacks in 2024 are set to reach record levels, escalating the risks faced by companies worldwide. There is a shift toward more sophisticated extortion tactics, emphasizing the urgent need for coordinated global action and robust incident response strategies as organizations confront increasingly aggressive and persistent cyber threats, says GlobalData, a leading data and analytics company.

GlobalData’s latest Thematic Intelligence report, “Deep Dive into Ransomware,” reveals that 2023 was the third worst year on record for ransom attacks and the worst for payments, which reached over $1 billion, citing Chainalysis.

David Bicknell, Principal Analyst of Thematic Intelligence at GlobalData, comments: “Companies are under constant threat from ransomware attacks and, once breached, must decide whether to pay the ransom to recover their operations and data. The surge in attacks reflects a shift toward a more aggressive ransomware landscape. What began as phishing-led incursions requiring decryption keys has evolved into sophisticated extortion, where attackers post victims’ data on the dark web, leading to further attacks by other groups.”

Companies that have suffered ransomware attacks include Boeing, Caesars Entertainment, MGM Resorts, Change Healthcare, Royal Mail, Johnson Controls, the UK’s National Health Service (NHS), Sony, Capita, and Dish Network.

Jordan Strzelecki, Associate Analyst of Thematic Intelligence at GlobalData, adds: “High-profile law enforcement takedowns are increasingly disrupting ransomware gangs. Successful action against Hive, LockBit, and AlphV temporarily stemmed the tide of attacks and sent a warning to cybercriminals that their days could be numbered. 

“However, the ransomware industry is never static, and new gangs continually emerge to replace those that have been taken down or have become less effective. Gang affiliates are taking a larger slice of ransom payments and are making repeat attacks. Ransomware gangs are now actively competing to attract talent.” 

Bicknell continues: “Government and cyber authority action on ransomware and ransom payments must be coordinated and international. Countries will fail to combat bad actors if they spend their time trumpeting their own cybersecurity credentials and competing with other nations. The battle against ransomware can only be won if countries, cyber authorities, law enforcement, and companies work together.”

Strzelecki concludes: “Every business must develop and test an incident response plan, see the bigger picture around paying ransoms, and stay informed about ransomware developments to protect their organizations in the event of a successful attack.”