As ransomware continues to be on the rise, we can expect groups to continue to evolve their attacks and operate at a larger scale for bigger profits. This will put organizations at higher risk if they don’t adopt a more aggressive security strategy.
Here is what we can expect the ransomware landscape to look like in 2024.
In 2024, we’ll see more mass exploitations of vulnerabilities
As a result of the pandemic, organizations moved many of their departments and processes online, introducing rapid and heavy digital transformation without putting proper cybersecurity protocols in place.
As a result, attack surfaces — most prominently in manufacturing, healthcare, and education — doubled and tripled in size, which appealed to ransomware groups. Until regulated industries can appropriately secure their assets, ransomware groups will continue to target the and carry off confidential information.
Ransomware groups, old and new
We can, unfortunately, expect an increased likelihood of organizations experiencing a ransomware attack. Ransomware groups are motivated, want “market share” and will capitalize on untapped business sectors to attain it.
Ransomware is a profitable microcosm, and we can expect to see it grow as a startup ecosystem, with more groups acting as unicorns, disruptors, and newcomers.
In 2023, groups such as AlphaV, made too much “noise” and drew in significant attention from law enforcement. Next year, I expect that one or two major groups will either get shut down, or we’ll see groups dismantle and form smaller, more low-key groups.
Government pressure will force some ransomware groups to disband or law enforcement will catch principal bad actors, but affiliates can attack themselves other groups. More bad actors are springing up in the US — this is something we haven’t seen extensively before — so the likelihood that federal law enforcement can locate and shut down ransomware groups will increase.
Ransomware groups and their impact
AlphaV and LockBit will continue to compete for the top ransomware group spot. They’ll continue to attract more affiliates based on their reputation, and have more attacks up their sleeve. Cl0p, on the other hand, is a hit-and-run group — it will likely strike only once or twice in 2024, but the victims will be in the hundreds.
Ransomware groups will strive to create or maintain a professional reputation, and try to avoid being seen as impulsive. Smaller groups will try to deploy ransomware faster than leading groups like LockBit, to demonstrate that they’re more powerful and “technical”.
Meanwhile, larger groups will act like debt collectors, accruing small ransoms in various places and then transferring them to another group.
As groups become smarter in their attack methods, and in how they market and brand themselves, they will be more strategic and will have more longevity than ever before, potentially resulting in bigger payouts.
Ransomware targets in 2024
Organizations will continue to pay ransoms even if they have system backups, they may take days or weeks to be restored. Because organizations can perceive law enforcement support as lacking, and ransoms are often small, organizations will continue to pay them. In some cases, though, paying the ransom may lead to bankruptcy.
Organizations in the US will continue to be the most popular targets of ransomware gangs.
It’s imperative for leaders prepare their 2024 security strategies now and have a plan in place for when ransomware hits their organization.