Data theft drove 94% of Cyberattacks in 2024

Theft of data represented 94% of all world cyber attacks in 2024, according to new research, because cybernetics are increasingly combining data exfilification in ransomware campaigns.

Beyond encryption, Ransomware attackers Now threaten to drain or sell the data of a company on the dark web, if the victims refuse to pay. Stolen information often includes personal identifiable data and own intellectual property.

The results come from the 2024 Blackfog Ransomware trend report, which analyzed the ransomware activity in hundreds of publicly revealed attacks and does not reveal on global organizations between January and December.

The report found that the average amount of data stolen in an undesirable exfilment attack is 592 GB, and the number of cyber attacks revealed and undesirable increased by 25% and 26% from year to year.

Dr. Darren Williams, the founder and executive director of Blackfog, said in a press release: “The report shows that 2024 was a landmark, with organizations that are facing financial and reputational damages to restore operations. “

According to the report of the cost of violating IBM data, the average cost of a ransomware attack involving data exfiltration in 2024 was $ 5.21 million.

“As cybernetics continually improve their techniques to exploit vulnerabilities and launch large-scale attacks, defense against ransomware is becoming more and more complex,” added Dr. Williams. “Governments intensify efforts to combat this growing threat, introducing new measures, such as compulsory reporting ransomware. However, the global ransomware crisis continues to grow at an alarming rate. “

Ransomware attackers are increasingly attracted to the legitimate tools of the company

In September 2024, security researchers discovered a double-exit ransomware variant Direction of VMware Esxi serverswho copied and encrypted the target data. Ransomware groups also exploited legitimate File transfer technology to ensure attacks.

SEE: Microsoft says ransomware groups exploit vmware Esxi defect

Blackfog reported that Powershell was used in 56% of ransomware cases in 2024, emphasizing how attackers “use more and more legitimate tools and platforms to infiltrate networks, establish a presence and exfiltrate data without a trigger alarms on many platforms for protecting the final point. ”

The main target industries are facing tireless pressure

The manufacturing, services and technology sectors have registered the highest number of unrelated attacks and are often quoted as extremely targeted Due to the critical nature of the time of use, high levels of digitalization and large volumes of sensitive data.

For the attacks revealed, the medical assistance, the government and the education were the most targeted, representing 47% of all ransomware news titles in 2024. Including. Starbucks, Sainsbury’s, MorrisonsLondon Drugs and Krispy Krere.

Ransomware groups: old leaders persist, new players appear

Lockbit remained the most active ransomware group, attacking 603 reported victims. This was despite a major The collection of the law In February 2024, led by the cyber division of the National Crime Agency in the United Kingdom, the FBI and other international partners. Temporarily disabled operation The Ransomware-AS-Service platform of Lockbit, but the group resumed the operations later on a new Dark Web web domain.

Still, Payments to Lockbit fell by 79% In the second half of the year, according to separate researches.

Blackfog’s report identified Ransomhub as the second most active ransomware group in 2024. A relatively newcomer, appeared in February 2024 and quickly obtained notoriety on the global producer Kawasaki and the Halliburton oil and gas services company.

Medusa and the game ranked third in incidents revealed and undesirable respectively.

The growth of new ransomware groups powered by AI

A Cyberint report in October found that the second quarter 2024 had the highest number of Active ransomware groups In the recording, as smaller groups, they entered the scene.

In January 2024, the National Cyber ​​Security Center in the UK warned that Threat of ransomware It was expected to grow due to the new availability of the technologies that decrease the entrance barrier, allowing even the unexpected criminals to make sophisticated attacks.

Blackfog’s research strengthened these discoveries, reporting that 48 new ransomware groups appeared in 2024, marking an increase of 65% compared to the number of new variants compared to the previous year. More than half of all ransomware attacks in the last two months of 2024 have been made by these newly formed groups.