The ransomware industry is thriving, but not losing.
Despite law enforcement's various victories against ransomware attackers, including the sweeping takedown of LockBit and the seizure of Radar, hackers continue to profit from these data theft attacks. 2024 looks set to be the most profitable year ever.
Allan Liska, a ransomware expert and threat intelligence analyst at cybersecurity firm Recorded Future, said: In an interview with TechCrunch in London earlier this month, Liska said 2024 is on track to be another record-breaking year for ransomware, and the ransoms paid by victims to hackers will be record-breaking as well. I admitted something.
“The curve will flatten a little bit, which I think is good news. But a record-breaking year will still be a record-breaking year,” Liska told TechCrunch. “As far as I know, this year is the first time four eight-figure ransoms have been paid.”
One of these eight-figure sums was the amount Change Healthcare paid to Russian cybercriminal organization ALPHV following the theft of highly sensitive medical data relating to hundreds of millions of Americans. The ransom amount was $22 million. Liska said a civil war then escalated between the ransomware group and its affiliates, which carried out the hack on ALPHV's behalf.
“If I ever wanted a reality show, this was it,” Liska said.
This apparent mismanagement could get even worse as younger attackers join ransomware attacks, as we've seen with highly skilled and financially motivated hackers like Lapsus$ and more recently Scattered Spider. It becomes more sexual. This loosely organized group of primarily teenage hackers, whose first language is English, carried out some of the most devastating cyber attacks in history, including the MGM Hotel intrusion and an alleged link to the recent cyber attack on Transport for London. I've been doing it.
The disparate nature of these attackers is evidenced by the rise in data theft-only attacks, which increased by more than 30% in 2024, according to Liska. “The number has increased significantly compared to just a few years ago,” he told TechCrunch. “A lot of new attackers just don't want to deal with things like encryption and decryption,” he said, referring to attacks that extract large amounts of stolen data.
The persistence of teenage hackers has already led to an increase in attacks aimed solely at extortion, but this may be just the tip of the iceberg. Liska warns that these crafty attackers may skip data theft altogether and instead choose to steal money directly from cryptocurrency exchanges. To make matters worse, Liska warned that the fight against ransomware could spill over into real-world violence, and if victims say they won't pay the ransom, they'll be able to send real-world information to their targets. described the escalating extortion tactics used by groups like Scattered Spider.
The outcome of the upcoming US election may also have a significant impact on the future of ransomware.
Liska said the global ransomware task force established under the Biden administration has brought “huge benefits” to the fight against hackers, thanks to increased information sharing between nations. Liska said “there's a good chance it will go away” if the U.S. no longer shares information with its allies under the Trump administration, which promised massive government deregulation.
“I don't think we're prepared for that, and if law enforcement is less able to do their job, we could see more ransomware attacks,” Liska said. .
Under the former Trump administration, “we saw WannaCry and NotPetya, but there was no immediate response,” Liska said.
What's the solution? Liska, who said at TechCrunch Disrupt 2023 that banning ransomware payments is not the answer, now says it's the only solution.
“We've had more than 20 enforcement actions against ransomware this year alone, which is great. But if you're going to pay eight-figure ransoms to these attackers, the incentive model changes. You may be arrested, but you may also receive an eight-figure ransom. This is a difficult challenge.”
“My answer is to ban ransom payments. It's a terrible solution, but it might be the least bad solution we have,” Riska added. .