Based on reports from Chainalysis and Zscaler, ransomware attacks have surged dramatically in 2024, with victims paying a record-breaking $459.8 million in the first half of the year alone, including a staggering $75 million ransom payment by a single company.
Ransomware-as-a-Service (RaaS) has emerged as a significant driver behind the surge in ransomware attacks. This subscription-based model allows even inexperienced cybercriminals to launch sophisticated attacks using pre-developed ransomware tools[1][2]. Key aspects of RaaS include:
Lowered technical barriers for attackers, with some RaaS kits available for as little as $40 per month[1]
Profit-sharing models where affiliates can earn up to 80% of ransom payments[3]
Provision of technical support, customization tools, and infrastructure management[4]
Proliferation of new ransomware variants, with 10,666 new variants identified in the first half of 2022 alone[5]
The rise of RaaS has led to a more fragmented and diverse ransomware landscape, making it increasingly challenging for organizations to defend against these evolving threats[6].
Law enforcement agencies have intensified efforts to disrupt major ransomware operations in recent years. These efforts have led to significant takedowns of notorious groups like LockBit, ALPHV/BlackCat, and Hive[1][2]. These actions have fragmented the ransomware ecosystem, forcing affiliates to migrate to less effective strains or develop their own variants[3][4].
While the long-term impact remains uncertain, these disruptions have:
Reduced the dominance of large Ransomware-as-a-Service (RaaS) platforms[4]
Eroded trust within cybercriminal communities[5]
Led to a proliferation of smaller, less sophisticated ransomware groups[3][6]
Potentially decreased the overall success rate of attacks, with more organizations resolving incidents without paying ransoms[6]
However, experts caution that the ransomware threat persists, as cybercriminals adapt their tactics and new groups emerge to fill the void left by dismantled operations[7][8].
Big game hunting has become the dominant strategy for ransomware attackers in recent years, focusing on high-value targets for larger payouts. This approach involves targeting large corporations, financial institutions, and critical infrastructure providers capable of paying multimillion-dollar ransoms[1][2]. Key characteristics of big game hunting include:
Careful target selection based on financial capability and likelihood of payment
Extended reconnaissance periods, often lasting months, to study the target's IT systems
Use of advanced ransomware strains and sophisticated attack methods
Emphasis on data exfiltration for double extortion tactics
Demand for significantly higher ransom amounts, with median payments increasing from $200,000 in early 2023 to $1.5 million by mid-2024[3][4]
This shift towards big game hunting has led to fewer but more impactful attacks, with ransomware groups like Cl0p exemplifying the strategy by leveraging zero-day vulnerabilities to target multiple large organizations simultaneously[5].