Ransomware: A Growing Cyber Threat to the World
Ransomware is now one of the biggest challenges in cybersecurity. Hackers use it to break into users' accounts and lock them out of their own accounts. Once this is done, the hackers demand a ransom to restore access to the accounts. Businesses, individuals, and in some instances even governments have become victims of ransomware. This evolving phenomenon has noticeable financial and operational implications. Today I will discuss some recent notable ransomware attacks, recent statistics, and what can be done to prevent these attacks.
Notable Ransomware Attacks in 2024
Ransomware attacks were on the rise worldwide in 2024. Below are some of the key incidents:
LoanDepot USA:
LoanDepot is a mortgage company in the USA. In January 2024, LoanDepot suffered a ransomware attack by the cybercrime group ALPHV/BlackCat (a Russian-speaking group). The attack affected around 16.9 million LoanDepot records. Initially the group demanded $6 million as ransom, and the company refused to pay. Eventually the company had to pay $12-17 million as ransom to get the system back (Comparitech).
Port of Seattle:
In August 2024, the Rhysida ransomware group (believed to be Russian-speaking) breached the network of the Port of Seattle. The attack impacted baggage handling, check-ins, and other essential services of the Port. The Port declined to pay the ransom; as a result, the attack was expanded, which also caused disruptions to critical airport systems (CyberSec Training & Consulting).
National Health System (NHS) London:
In June 2024, the Qilin ransomware group (again a Russian-speaking group) leaked data of nearly 900,000 NHS patients. The group exposed sensitive medical information of the patients. The group initially demanded $50 million from UK Health Services. It has still not been disclosed exactly how much was paid. This case raised significant concerns about data protection in the health sector (Comparitech).
Statistics of Ransomware Attacks (2022-2024)
Before going deeper into the matter, let's look at a summary of ransomware incidents over the last three years. I will try to give a breakdown of the affected countries, the alleged source countries of the attacks, and the amount of data affected by the attacks.
| Year | Country | Number of Attacks | Total Records Compromised (Millions) | Alleged Source Country |
|---|---|---|---|---|
| 2019 | USA | 320+ | 75.0 | Russia |
| 2019 | UK | 80 | 18.2 | Russia |
| 2020 | USA | 450+ | 95.7 | China |
| 2020 | UK | 120 | 25.5 | Various |
| 2021 | USA | 510+ | 110.3 | Russia |
| 2021 | UK | 135 | 28.9 | China, Russia |
| 2022 | USA | 500+ | 100.2 | Russia |
| 2022 | UK | 150 | 30.4 | Russia |
| 2023 | USA | 600+ | 125.5 | Russia, China |
| 2023 | Pakistan | 50 | 10.2 | Unknown |
| 2024 | USA | 420 (Jan – June) | 35.3 (Jan – June) | Various |
| 2024 | UK | 100 (Jan – June) | 20.1 (Jan – June) | Various |
| 2024 | Pakistan | 25 (Jan – June) | 5.3 (Jan – June) | Unknown |
Trends to Notice
The statistics reveal a concerning trend, particularly for the USA and the UK. Both face continued attacks from ransomware groups. Most of the time, the attacks originate from groups in Russia and China. Another trend that can be identified from the statistics is that attackers target the systems of countries that hold large amounts of high-value data. These trends clearly emphasize the need for more secure systems.
Challenges in Investigating Ransomware
Ransomware investigations are among the hardest to trace back to the actual perpetrator. These investigations not only involve tracking encrypted transactions but also face cross-border jurisdiction issues. Ransom is mostly paid and collected in cryptocurrencies like Bitcoin. This has made payments easier for ransomware groups, while making it a challenge to trace and recover the funds. Moreover, these sophisticated ransomware groups operate on shared cloud computing to make their attacks more efficient and harder to identify. For more information on how cloud computing facilitates cybercriminals, please check my blog on Challenges of Cloud Computing Forensics. In that blog I have discussed these jurisdictional and technological complexities of cloud computing.
How to Protect Against Ransomware
No single law enforcement agency or government can safeguard its own or the public's data against ransomware attacks alone. Therefore, to protect systems against ransomware, everyone, including individuals and businesses, will have to take the following steps:
Data Backups:
Data must be backed up regularly to reduce the damage caused by any possible ransomware attack. Backups allow quick data restoration and put the victim in a better position to bargain with the attackers.
Security Software:
Every computer network has some type of antivirus and anti-ransomware solution installed and running. However, most businesses and individuals consider that merely installing it and turning it on is enough. That is not true. It is very important to keep these solutions up to date, because their vendors are always doing research and development and, on the basis of that R&D, regularly update their solutions to detect and mitigate the latest threats. To better understand these latest technologies, you can read my blog on AI’s Role in Cybersecurity for insights on advanced protection.
User Awareness:
Experience shows that phishing emails are the starting point of any ransomware attack. Therefore, training employees to recognize suspicious emails is very important. To learn more about phishing, read my article on Phishing Scams and Their Impact.
Conclusion
Of the different types of cybercrime, ransomware attacks have proven to be the most persistent and ever-growing threat, because, as history has shown, kidnapping for ransom has never been neutralized. Therefore, staying informed and adopting the latest cybersecurity practices is very important for everyone. By taking simple steps, we can reduce our risk of falling victim to these ransomware attacks.


