Delinea recently published its annual State of Ransomware report. The analysis revealed an upward trend in ransomware, signalling a shift in cybercriminal strategies. Traditional techniques of incapacitating a business and demanding a ransom have given way to stealthier methods, such as exfiltrating confidential data to sell to the top payer on the darknet or utilising it to demand substantial cyber insurance settlements.

The research, entitled 'State of Ransomware 2024: Anticipating the Battle and Strengthening Your Defenses,' analysed Censuswide survey data from more than 300 American IT and Security decision makers. The research sought to uncover significant shifts compared to previous year data and determine emerging trends. Primary among them is a resurgence of ransomware; even though the numbers have not yet reached the 2021 peak, the proportion of organisations citing themselves as recent victims more than doubled from 25% to 53%. Mid-sized businesses have emerged as the prime targets of cybercriminals, with 65% of these organisations noting incidents of ransomware in the last 12 months. There are also more victims paying ransoms than before, with the figure increasing from 68% to 76% since the last year.

Interestingly, the survey shed light on new motives, strategies, and tactics. There was a 39% surge in data exfiltration, shifting from 46% to 64% and becoming the motive of choice for attackers. This move towards stealing sensitive data to sell on the darknet is demonstrated in the significant decline in traditional money extortion, which dropped from 69% to 34% this year.

Rick Hanson, President at Delinea, stated, "Ransomware certainly appears to have reached a critical sea change – it's no longer just about the quick and easy payout. Even as organisations are investing more in safety nets like cyber insurance which often have ransomware payouts included in coverage policies, cybercriminals are finding that using stealth tactics to stay under the radar and access sensitive, valuable information to sell is the better investment of their effort."

Another notable development is the shift in cyber criminals' tactics. The preferred method moved from email (down from 52% to 37%) to attacks on the cloud (44%) and compromised applications (39%). By staying covert for longer periods, attackers can keep their access to systems and data unchecked, thereby inflicting more damage when they want.

Contradictory trends exist regarding defensive measures adopted by organisations against ransomware. Despite the fact that 91% mention ransomware-specific budget allocations, up from 68% in 2022, only 61% (down from 76%) allocate security budgets after an attack. This decline could be due to economic uncertainty or tighter budgets. Whilst 76% claimed their leadership is concerned about ransomware, this concern often only emerges after an attack.

Joseph Carson, Advisory CISO and Chief Security Scientist at Delinea, noted, "The changing strategies and tactics in ransomware attacks require a layered approach to security that mitigates the risk of unauthorised access, even when credentials are compromised. It also shows the critical role privileged access plays in overall cybersecurity postures."