The first part of 2024 has been another unprecedented period for ransomware attack costs, with escalating global consequences for customers, services, and financial results. Here are some noteworthy headlines to consider:
InfoSec Journal — Change Healthcare Ransomware Impact Estimated to Increase to At Least $2.3B in 2024: “UnitedHealth Group (UHG) has revealed the updated cost of its measures following the ransomware incident on Change Healthcare in February 2024. The total projected cost for this year now stands between $2.3 billion and $2.45 billion, surpassing the previously reported figures by more than $1 billion. UHG has already expended nearly $2 billion in managing the aftermath of the ransomware attack, causing extensive disruptions to providers nationwide due to prolonged service interruptions.”
TechSpot — CDK Global Service Disruption Concluded After Allegedly Settling $25 Million Ransom: “The cyber intrusion initiated on June 19, 2024, and led to system downtime at CDK Global, resulting in software failures that paralyzed car dealerships across the country. CDK Global rushed to recuperate its systems post-attack, a process that took approximately a fortnight.”
Florida Department of Health Suffers Ransomware Assault, as reported by Tampa Bay Times: “A recent cyber attack on the Florida Department of Health has disrupted the state’s ability to issue essential certificates and may expose sensitive patient data. A ransomware group named RansomHub declared on the dark web that it had acquired 100 gigabytes of data, threatening to release it by Friday if a payment is not made. Florida legislation strictly prohibits ransom payments by state and local entities, and not all cyber malefactors honor their commitments upon receiving remuneration.”
FRESHLY-RELEASED RANSOMWARE REPORTS
Sophos has recently published their latest annual report: Assessment of Ransomware in Critical Infrastructure for 2024. This report presents insights gathered from an independent, vendor-neutral survey of 5,000 executives responsible for IT/cybersecurity in 14 nations, conducted in January and February 2024.
Outlined below are their research approach and noteworthy discoveries:
- Analysis encompassed 275 participants from energy, petroleum, and utility entities — falling under Energy and Water sectors within CISA’s defined critical infrastructure categories.
- Restoration costs for energy and water utility establishments quadrupled to $3 million within a year.
- 49% of ransomware assaults on these two vital sectors originated from exploited vulnerabilities.
- 67% of firms in these sectors reported ransomware incidents in 2024.
- Merely 20% of entities hit by ransomware managed to rebound within a week or less this year, in contrast to 41% in 2023 and 50% in 2022 (energy and water organizations encountered lengthier recuperation periods).
A notable excerpt from the report states: “Out of 86 respondents from energy, oil/gas, and utility fields who paid the ransom, divulged the amount actually paid.
- Median ransom: $2,540,000
- Average ransom: $3,225,093
Ransom amounts vary significantly across industries. The Information Technology, tech, and telecommunications sectors reported the lowest median payment ($300,000), trailed by distribution and transport sectors ($440,000). Conversely, both lower education and central/federal government organizations paid median ransoms of $6.6M.”
Additionally, BlackFog published their June ransomware report, highlighting the following:
“June exhibited a reduction in total threat incidents for the year with 45 cumulative attacks. While still historically significant, this figure marks the second-highest June recorded. It underscores the growing normalization of such attacks. Despite lower monthly attack rates, the proportion of unreported incidents remains high at 774%, illustrating the substantial volume of unreported attacks still occurring.
“Healthcare emerged prominently this month with a 25% increase from May, followed by government and tech sectors with bumps of 23% and 21% respectively. In contrast to prior months, the education sector experienced a modest 8% rise that month.
“Regarding variants, there was a notable surge in Play this month by 33%, trailed by Black Basta and Medusa at 14% and 13% respectively. This uptick follows a substantial rise in undisclosed Medusa attacks last month, usually acting as a precursor to revealed assaults in subsequent months. While Lockbit remains the foremost variant by a considerable margin, it observed a modest 3% uptick this month.
“Notably, data exfiltration featured in 93% of all attacks, with PowerShell leading at 62%, representing an 11% rise from the preceding month. China and Russia persist as key destinations for extracted data with 15% and 6% shares, respectively.”
Lastly, ReliaQuest shared insights into Q2 2024 ransomware trends in their recent blog post. Here are some highlights:
- “In Q2 2024, ReliaQuest identified 1,237 institutions listed on ransomware data-leak platforms, marking a 20% spike from Q1 2024. Ransomware activities in this quarter exhibited monthly fluctuations. May recorded 43% of institutions listed on leak sites, followed by a markedly low figure in June. These statistics deviate from prior progression rates, signaling potential disruptions within the ransomware-as-a-service sector impacting their numbers.
- “Following law enforcement actions against LockBit in February 2024 and the disbandment of ALPHV, newer factions like RansomHub, BlackSuit,…”
BlackBasta and the firm have drawn in new partners and boosted their operations. Expectations are that there will be a steady rise in ransomware activity from emerging factions in the latter part of 2024 as partners adapt to novel operators.
We present to you a session from the 2024 RSA Conference on the ransomware threat landscape that includes references:
OBSERVATIONS REGARDING RANSOMWARE-RELATED MATTERS
In May 2023, following a somewhat slower phase in 2022 concerning ransomware, an article was penned: “Are We Noticing Fewer Ransomware Aggressions? Not Quite!.” These trends appear to persist into 2024.
Furthermore, as I travel across the nation delivering presentations based on my book Cyber Mayday and the Day After, a collection of true stories about ransomware from the standpoint of C-suite executives, interest in the subject continues to grow.
It is necessary to revisit many of the themes I have previously addressed (which culminated in the book), as these cyber problems continue to escalate in spite of the best efforts of many. In certain cases and domains, new personnel are not well versed in the issues and the remedies available.
This authored piece from Healthcare IT Today delineates recommendations for healthcare institutions post the Ascension Healthcare ransomware incident.
I would be negligent if I did not acknowledge the unparalleled global repercussions of the CrowdStrike software update mishaps, which are hampering businesses, airports, and governments globally as this blog is being written on Friday, July 19. Although the situation is still changing, this occurrence acts as a reminder of the magnitude of the stakes involved with technology, despite the absence of a cyber attack. Numerous narratives will emerge on this matter, yet irrespective of your viewpoint, the world’s attention is once again brought to bear on cybersecurity. (Even if, in this instance, it’s a cyber enterprise striving to thwart malware making an error.)
CLOSING REMARKS
Wired magazine recently featured a piece on this ransomware subject, and their headline encapsulates it: “Ransomware Is ‘More Brutal’ Than Ever in 2024.”
