Last month, a strange thing happened in cybersecurity: a type of cyberthreat typically reserved for large businesses and critical services appeared on the computers of everyday people.
Starting on July 20, hundreds of individuals across the globe began reporting problems with ransomware. Ransomware is an existential threat to businesses everywhere, but for years, it has been understood as primarily that—a business threat.
By focusing their attacks on multimillion-dollar organizations and essential government and health services, ransomware gangs hope to force a payment from their victims who cannot risk shutting down. For some victims, like hospitals, such an impact to their services could be a matter of life and death.
But for the ransomware campaign in July, which involved a variant called Magniber, cybercriminals focused not at all on businesses, but on people. After victims had their computers infected, they received a ransom note and a demand for $1,000 in exchange for having their devices and files cleaned. If victims waited for more than three days to pay up, the demand shot up to $5,000.
The campaign lands during a devastating period of ransomware attacks against businesses, in which the frequency of attacks has steadily climbed up and up, annually, for several years. This increase in attacks is recorded and analyzed in the latest 2024 ThreatDown State of Ransomware report by Malwarebytes, which can be viewed below.
With a global increase in ransomware attacks against businesses, and with no decryption key in sight for victims of Magniber, it’s more clear than ever that ransomware is a must-know cybersecurity risk for people at home.
Why you need to know about ransomware
The most important services in your life are also the most attractive targets for ransomware gangs around the world, which is why your banks, grocery stores, hospitals, schools, government resources, and more could, without any fault of your own, suddenly grind to a halt. Because of ransomware attacks in the past, surgeries have been delayed, classes have been cancelled, and, more recently, a credit union’s customers had their direct deposit payments thrown into disarray.
In ransomware attacks, the pressure is the point.
For years, cybercriminals have focused their ransomware attacks against the types of organizations that are essential for everyday life, including hospitals, schools, critical infrastructure, and entire city governments. Once these organizations are infected with ransomware, their systems and devices become useless, as a ransomware attack will grab all files stored within reach and “encrypt” them—making them inaccessible to their own users without a related “decryption key.”
It is at this critical moment when the clock starts ticking for ransomware victims.
Organizations without reliable backups, unable to work or provide vital services, are pressured into a dreadful decision: Do they pay the cybercriminals a ransom to receive the decryption key (and trust that it works), or do they try to start from scratch, rebuild their technology operations, and refuse to fund the efforts of cybercriminals?
For businesses around the world, it’s a question that is happening more frequently, Malwarebytes found.
Between July 2023 and July 2024, ransomware attacks against organizations increased by 33% across the world, year-over-year, according to the 2024 ThreatDown State of Ransomware report. The US and the United Kingdom suffered the greatest uptick in attacks during the same time period, of 63% and 67% respectively.
But it wasn’t just the frequency that increased. It was also the ransom payments.
While the attacks that deployed Magniber against everyday people requested just thousands of dollars, ransomware attacks against businesses and organizations can include demands of millions upon millions of dollars.
In fact, in 2023, the total sum of all ransomware payments made—meaning actual money transferred to cybercriminals by their victims—surpassed $1 billion. The average ransom payment during the same time period was $620,000, and the cost of recovering from a ransomware attack was an astonishing $4.7 million.
In its investigation, Malwarebytes also revealed that ransomware attacks against organizations were becoming faster, happening more frequently at night (so as to avoid detection), and relied increasingly on an attack method in which cybercriminals would use a breached computer’s own software to help carry out the attack.
But most intriguing to everyday users is the discovery that the US is unique in suffering attacks on healthcare facilities and schools and colleges. While the US accounts for a shocking 48% of all ransomware attacks worldwide, it accounts for 60% of all education attacks and 71% of all healthcare attacks.
Your role in this threat landscape is complex. While there is not much you can do to protect hospitals, schools, banks, and city governments, there also is not much you should do. These are separate entities that are responsible for their own cybersecurity and the public cannot be expected to manage the operations of every service they need.
That said, there are steps you can take to protect yourself from ransomware attacks.
How home users can prevent ransomware
There are some rules that can help you avoid falling victim to this type of ransomware:
- Make sure your system and software, including your browser, are on the latest version. Criminals will exploit known holes that have been patched by the vendors but not updated everywhere.
- Run a trusted anti-malware solution.
- Never download illegal software, cracks, and key generators.
- Use a malicious content blocker to stop your browser from visiting bad sites.
- Don’t open unexpected email attachments.
- Don’t click on links before checking where they will take you.
If you do accidentally get caught by ransomware, we recommend you don’t pay. There’s no guarantee you’ll get your files back, and you’ll be helping to line the pockets of criminals.
You can also read the full 2024 ThreatDown State of Ransomware report below.