Evolution of ransomware patterns aids in making payment choices
In the ongoing battle against cybercrime, significant progress has been reported in the global fight against ransomware threats. This progress is attributed to intensified efforts from law enforcement agencies worldwide, resulting in the dismantling of prominent ransomware-as-a-service (RaaS) groups such as LockBit.
This crackdown has led to a noticeable decline in annual ransomware payments, with figures dropping from $1.25 billion in 2023 to $813.55 million in 2024. Despite the global year-to-year rise in ransomware incidents, the rate of increase has started to level off, with a comparatively lower percentage increase observed in 2024 compared to the previous year.
However, it is crucial to remain vigilant as the diversity of ransomware variants has grown. In 2024, there were 101 identified variants, up from 70 the previous year. This increase is a worrisome indicator of the continued persistence and adaptiveness of cybercriminals. They are countering law enforcement activities by developing more sophisticated variants and focusing their efforts on high-value targets.
Ransomware-as-a-Service (RaaS) has become akin to a business model, with operators providing customers (often referred to as affiliates) with software, technical support, and infrastructure for launching attacks in a subscription-based market. This model has lower entry barriers as it requires no expertise in coding, enabling less-skilled or experienced actors to joining the ransomware landscape, provided they are willing to share a portion of the ransom with the RaaS operator.
Key trends in ransomware in 2025 include a focus on small and medium-sized businesses (SMBs), greatly increased use of AI and automation, and a shift in tactics such as double extortion and the exploitation of unconventional vulnerabilities. Attackers are becoming more sophisticated in their methods, seeking to maximize their impact and profitability while evading detection and response efforts.
Organizations must stay informed about these trends to make informed decisions regarding the payment of ransoms. A better understanding of the background of the RaaS operator, their capabilities, and tactics can help organizations make more informed choices about negotiating or refusing to pay ransoms. As the use of AI and automation in the RaaS underworld continues to grow, it is more essential than ever for organizations to stay current with these trends to protect their assets and minimize the impact of ransomware attacks.
[Source: Intel 471's Director of Intelligence Collections Management]
- The decline in annual ransomware payments might lead to a shift in the focus of cybercriminals from finance to other potential high-value targets in business, emphasizing the need for data-and-cloud-computing and technology solutions to bolster security measures.
- As the use of AI and automation in the RaaS underworld becomes more prevalent, understanding the trends in data-and-cloud-computing and technology will be vital for organizations to stay ahead of these sophisticated attacks and protect sensitive financial data.
