Today, people all over the world go to their school, hospital or pharmacy and hear, “Sorry, our computer system is down.” Most often, the culprits are cybercriminal gangs operating on the other side of the world, who demand payment for access to the system or the safe return of stolen data.
Despite increased police crackdown, the ransomware epidemic shows no signs of slowing in 2024, with experts fearing the malware could soon enter a more violent phase.
“The war against ransomware is completely unwinnable at this point,” Alan Liska, a threat intelligence analyst at Recorded Future, told WIRED.
Ransomware is arguably the defining cybercrime of the past decade. Criminals target a wide range of victims, including hospitals, schools, and governments. Attackers encrypt critical data, completely halt the victim’s operations, and then extort money by threatening to release confidential information. These attacks have serious consequences. In 2021, Colonial Pipeline Company was targeted by ransomware, forcing the company to suspend fuel supplies and prompting US President Joe Biden to implement emergency measures to meet demand. However, ransomware attacks are commonplace around the world, with a UK hospital hit by ransomware last week. And many of them don’t make the headlines.
“There’s a visibility issue around incidents, and most organizations don’t disclose or report them,” says Brett Callow, a threat analyst at Emsisoft, who adds that this makes it “difficult to understand how incidents are trending from month to month.”
Researchers must rely on information from public authorities that publicize attacks, or from the criminals themselves, but “criminals are liars,” Liska said.
All indications are that this problem, far from going away, may even accelerate in 2024. According to a recent report from security firm Mandiant, a subsidiary of Google, 2023 was a record-breaking year for ransomware. Victims reportedly paid over $1 billion to gangs, and that’s just the payments we know about.
A big trend uncovered in the report is the increased frequency of gang postings on so-called “shame sites,” where attackers leak data as part of extortion tactics. According to Mandiant, postings on data leak sites increased 75 percent in 2023 compared to 2022. These sites use flashy tactics, such as countdowns until sensitive data is made public if victims don’t pay up. This indicates ransomware gangs are getting tougher in their extortion tactics, experts told WIRED.
“Generally speaking, their tactics are becoming more and more brutal,” Callow said.
For example, hackers have begun to directly threaten victims with threatening phone calls and emails: In 2023, Seattle’s Fred Hutchinson Cancer Center was hit by a ransomware attack, and cancer patients received individual emails threatening to make their personal information public if they did not pay.
“I worry that this could quickly spill over into real-world violence,” Callow said. “If people have access to millions of dollars, they might do something bad to the company executives and their families who are refusing to pay them.”
