Ransomware attacks soar 63% in US, 67% in UK, says report

The latest report from Malwarebytes, titled "ThreatDown 2024 State of Ransomware," has highlighted a significant surge in ransomware attacks both within the United States and the United Kingdom over the past year.

According to the findings, the US witnessed a 63% increase in ransomware attacks, while the UK experienced an even higher uptick at 67%.

The report underscores a notable trend indicating that ransomware is becoming increasingly accessible to a broader range of cybercriminals. Specifically, the share of attacks executed by gangs outside the top 15 has risen from 25% to 31%. This shift suggests a decentralisation of cyber threats as less prominent groups gain the tools and capabilities to launch significant attacks.

In particular, the United States has emerged as a primary target, accounting for 48% of all ransomware attacks globally. The report further highlights that the US suffers 60% of the world's ransomware attacks on the education sector and a staggering 71% of attacks on the healthcare sector.

The manufacturing industry has not been immune to this rise in malicious activity. The sector saw a 71% year-on-year increase in ransomware attacks, emphasising an urgent need for robust cybersecurity measures in an industry that is rapidly digitising.

Marcin Kleczynski, Founder and CEO of Malwarebytes, remarked, "Ransomware gangs have time and motivation on their side. They constantly evolve to respond to the latest technologies chasing at their tails. We've seen this very distinctly over the past year as widespread adoption of technologies like Endpoint Detection and Response (EDR) has helped identify attackers before they launch malware, pushing ransomware gangs to work more quickly and put more effort into hiding themselves. Organisations and Managed Service Providers (MSPs) need additional support and continuous coverage to outmanoeuvre today's criminals."

In addition to the statistical data, the report also identified three significant trends in ransomware tactics and strategies. Firstly, ransomware gangs are increasingly employing "Living off the Land" (LOTL) techniques—utilising built-in system administration tools to perform their attacks. This approach makes detection and prevention more challenging for organisations that lack a dedicated Security Operations Centre (SOC).

Another emerging trend is the timing of these attacks. The majority now occur between 1 a.m. and 5 a.m., targeting organisations when IT staff are less likely to be present. This tactical shift requires organisations to have 24/7 monitoring capabilities to detect and respond to threats effectively.

The final trend identified is the compression of the ransomware attack timeline. The period from initial access to data encryption has been dramatically reduced from weeks to mere hours. This rapid escalation necessitates that organisations develop faster detection and response mechanisms to mitigate attacks promptly.

Chris Kissel, Research Vice President, Security and Trust at IDC, posed a critical question: "The question I ask organisations is, do you have someone prepared to stop an attack at 2 a.m. on a Sunday with your existing technology stack and staff resources? They may have a tool to pick up the alert on Monday morning, but by then it will be too late. Threat actors are moving fast to compromise networks, download data, and deploy ransomware. Having 24/7 coverage via a managed service will be key to keeping their organisation safe while also tapping into the cost efficiency of an outsourced team."

The comprehensive report by Malwarebytes underscores the persistence and evolution of ransomware threats, calling for organisations to enhance their cybersecurity measures and adopt continuous monitoring to protect against these ever-changing dangers.