Today, people around the world go to school, doctor’s appointments, and pharmacies, only to be met with, “We’re sorry, our computer systems are down.” The frequent culprit is a cybercriminal gang operating on the other side of the world and demanding payment for access to the system or the safe return of stolen data.
The ransomware epidemic shows no signs of slowing in 2024, despite increasing police repression, and experts fear it could soon enter a more violent phase.
“We are definitely not winning the fight against ransomware right now,” Allan Liska, threat intelligence analyst at Recorded Future, tells WIRED.
Ransomware may be the defining cybercrime of the last decade, with criminals targeting a wide range of victims, including hospitals, schools and governments. Attackers encrypt critical data, bringing the victim’s operation to a complete halt, and then extort them with the threat of revealing sensitive information. These attacks have had serious consequences. In 2021, Colonial Pipeline Company was attacked by ransomware, forcing the company to suspend fuel supplies and prompting US President Joe Biden to implement emergency measures to meet the demand. But ransomware attacks are a daily occurrence around the world: last week, ransomware hit hospitals in the UK—And many of them don’t make the headlines.
“There is a problem of visibility of incidents; most organizations do not disclose or report them,” says Brett Callow, threat analyst at Emsisoft. He adds that this makes it “difficult to determine which direction the trends are” month to month.
Researchers are forced to rely on information from public institutions that reveal attacks, or even from criminals themselves. But “criminals are lying bastards,” says Liska.
By all indications, the problem is not going away and could even accelerate in 2024. According to a recent report from security firm Mandiant, a Google subsidiary, 2023 was a record year for ransomware. Reports indicate that victims paid more than $1 billion to gangs, and those are just the payments we know of.
A major trend identified in the report was more frequent posting by gangs on so-called “sites of shame,” where attackers leak data as part of an extortion attempt. According to Mandiant, there was a 75 percent increase in posts on data leak sites in 2023 compared to 2022. These sites employ flashy tactics like countdowns to know when victims’ sensitive data will be made public if they don’t pay up. This illustrates how ransomware gangs are increasing the severity of their intimidation tactics, experts told WIRED.
“Generally speaking, their tactics are becoming more and more brutal,” Callow says.
For example, hackers have also started directly threatening victims with intimidating phone calls or emails. In 2023, Seattle’s Fred Hutchinson Cancer Center suffered a ransomware attack and cancer patients individually sent emails threatening to reveal their personal information if they did not pay.
“My concern is that this will turn into real-world violence very soon,” Callow says. “When millions are available, they could do something bad to an executive of a company who refuses to pay, or to a member of his family.”