Amid rising geopolitical tensions, ransomware attacks are set to reach record levels in 2024, increasing risks for businesses worldwide. There is a shift to more sophisticated extortion tactics, highlighting the urgent need for coordinated global action and robust incident response strategies as organizations confront increasingly aggressive and persistent cyber threats, according to GlobalData, a leading data and analytics company.

GlobalData’s latest Thematic Intelligence report, “Deep Dive into Ransomware,” found that 2023 was the third-worst year on record for ransomware attacks and the worst year for payments, which exceeded $1 billion, according to Chainalysis.

David Bicknell, Principal Analyst of Thematic Intelligence at GlobalData, comments: “Businesses are under constant threat from ransomware attacks and, once compromised, must decide whether to pay the ransom to restore their operations and data. The increase in attacks reflects a shift to a more aggressive ransomware landscape. What started as phishing-led raids requiring decryption keys has evolved into sophisticated extortion, with attackers posting victims’ details on the dark web, leading to further attacks by other groups.”

Companies that have suffered ransomware attacks include Boeing, Caesars Entertainment, MGM Resorts, Change Healthcare, Royal Mail, Johnson Controls, the UK National Health Service (NHS), Sony, Capita and Dish Network.

Jordan Strzelecki, Associate Analyst of Thematic Intelligence at GlobalData, added: “High-profile law enforcement operations are increasingly disrupting ransomware gangs. Successful action against Hive, LockBit and AlphV temporarily halted the flood of attacks and sent a warning to cybercriminals that their days could be numbered.

“However, the ransomware industry is never static, and new gangs are constantly emerging to replace those that have been eliminated or become less effective. Gang members are taking a larger cut of ransom payments and are launching repeat attacks. Ransomware gangs are now actively competing to attract talent.”

Bicknell continued: “Government and cybersecurity efforts against ransomware and ransom payments must be coordinated and international. Countries will not succeed in combating bad actors if they spend their time trumpeting their own cybersecurity credentials and competing with other countries. The fight against ransomware can only be won if countries, cybersecurity, law enforcement and businesses work together.”

Strzelecki concludes: “Every company needs to develop and test an incident response plan, see the bigger picture around paying the ransom, and stay up to date on ransomware developments to protect their organizations in the event of a successful attack.”