Ransomware Attacks on the Rise in 2024

A surge in ransomware groups in 2024 has left companies facing increased attacks, even as law enforcement ramps up investigations against well-known groups such as LockBit, and dismantles popular cybercriminal services, such as phishing-as-a-service provider LabHost and the encrypted messaging platform Ghost.

State of Ransomware in 2024

A pair of new studies outlines the state of play. Overall, more than 75 ransomware groups were actively compromising targets in 2024, compared to only 43 the prior year, according to a recent Rapid7 analysis. As a result, more than half of organizations suffered a successful attack, and the majority of those impacted shut down some operations leading to significant revenue loss, according to a large survey of IT and cybersecurity practitioners conducted by the Ponemon Institute.

Mitigating the Impact of Ransomware Attacks

In the best case scenario, companies can quickly move to cloud operations — or another plan for business continuity — giving them the best chance of recovering without drastic impacts, Rapid7’s Beek says. "We saw one company flip the switch, and suddenly the whole business was running on cloud resources while they were restoring the day-to-day operations," he says. "So the ransomware incident hardly impacted the business."

Key Factors in Ransomware Disruption

Companies that have a lack of visibility into — and a lack of security controls protecting — their networks face the most damaging disruption, says Illumio’s Dearing. "Things that allow lateral movement within organizations — like unpatched systems and weak passwords and open RDP ports — help attackers," he says. "So there’s an amount of basics that companies need to take."