Ransomware Attacks Surge in 2024 as Payments Drop, Signaling Tactical Shift
Ransomware attacks reached unprecedented levels in 2024, with 5,243 victims documented on leak sites a 15% increase from 2023 while total ransom payments fell 35% year-over-year to $813 million, according to Travelers’ Q4 2024 Cyber Threat Report. The fourth quarter alone saw 1,663 attacks, the highest on record, exposing over 195 million records globally.
Despite the rise in incidents, organizations appear to be resisting payment demands more frequently. However, the broader impact remains severe: 87.6% of attacks involved data theft, leading to costly disruptions, IT recovery efforts, litigation, and regulatory fines.
Evolution of Ransomware Tactics
Cybercriminals have shifted away from exploiting zero-day vulnerabilities, instead adopting methodical, repeatable attack methods. A leaked 2023 ransomware training manual revealed a focus on weak VPN and gateway credentials, particularly targeting accounts without multi-factor authentication (MFA). Attackers now proactively hunt for vulnerable systems using default usernames (e.g., admin, test) and common passwords, enabling large-scale targeting.
Threat Actor Landscape Expands
The ransomware ecosystem saw 55 new groups emerge in 2024, a 67% increase from the previous year. Nation-state actors are increasingly intertwining with criminal operations, bringing AI-driven capabilities such as advanced phishing and reconnaissance to ransomware campaigns.
Notable groups in Q4 2024:
- RansomHub led with 238 attacks (14% of the quarter’s total).
- Akira and PLAY remained active with 133 and 95 attacks, respectively.
- FunkSec, a newer group, drew attention for its AI-dependent attack methods, despite questions about its technical sophistication.
Industry Targeting Patterns
Certain sectors faced heightened threats:
- IT services and consulting firms saw increased targeting.
- Construction suffered 129 attacks in Q4, a 56% year-over-year rise.
- Healthcare attacks climbed from 166 in 2023 to 210 in 2024.
The report underscores a strategic shift in ransomware operations, with attackers prioritizing scalable, low-effort entry points over high-risk zero-day exploits. While financial losses from ransoms decline, the operational and reputational damage of these attacks continues to escalate.
Source: https://riskandinsurance.com/ransomware-attacks-hit-record-high-despite-payment-decline-travelers/
Travelers cybersecurity rating report: https://www.rankiteo.com/company/travelers
"id": "TRA1770202292",
"linkid": "travelers",
"type": "Ransomware",
"date": "3/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'IT Services',
'type': 'IT services and consulting firms'},
{'customers_affected': '129 attacks in Q4 (56% YoY '
'rise)',
'industry': 'Construction',
'type': 'Construction firms'},
{'customers_affected': '210 attacks in 2024 (up from '
'166 in 2023)',
'industry': 'Healthcare',
'type': 'Healthcare organizations'}],
'attack_vector': ['Weak VPN credentials',
'Gateway credentials without MFA',
'Default usernames (e.g., admin, test)',
'Common passwords'],
'data_breach': {'data_exfiltration': '87.6% of attacks involved data theft',
'number_of_records_exposed': 'Over 195 million records',
'type_of_data_compromised': ['Personally identifiable '
'information',
'Sensitive data']},
'date_publicly_disclosed': '2024-Q4',
'description': 'Ransomware attacks reached unprecedented levels in 2024, with '
'5,243 victims documented on leak sites (a 15% increase from '
'2023) while total ransom payments fell 35% year-over-year to '
'$813 million. The fourth quarter alone saw 1,663 attacks, the '
'highest on record, exposing over 195 million records '
'globally. Despite the rise in incidents, organizations appear '
'to be resisting payment demands more frequently. However, the '
'broader impact remains severe: 87.6% of attacks involved data '
'theft, leading to costly disruptions, IT recovery efforts, '
'litigation, and regulatory fines.',
'impact': {'data_compromised': 'Over 195 million records exposed globally',
'financial_loss': '$813 million (total ransom payments in 2024)',
'operational_impact': ['Costly disruptions',
'IT recovery efforts',
'Litigation',
'Regulatory fines']},
'initial_access_broker': {'entry_point': ['Weak VPN credentials',
'Gateway credentials without MFA']},
'lessons_learned': 'Attackers are shifting from zero-day exploits to '
'scalable, low-effort entry points like weak credentials. '
'Organizations are resisting ransom payments more '
'frequently, but operational and reputational damage '
'remains severe.',
'motivation': ['Financial gain', 'Data theft', 'Operational disruption'],
'post_incident_analysis': {'root_causes': ['Weak authentication',
'Lack of MFA',
'Default credentials']},
'ransomware': {'data_exfiltration': '87.6% of attacks involved data theft',
'ransom_paid': '$813 million (total in 2024, down 35% YoY)',
'ransomware_strain': ['RansomHub', 'Akira', 'PLAY', 'FunkSec']},
'references': [{'source': 'Travelers’ Q4 2024 Cyber Threat Report'}],
'threat_actor': ['RansomHub',
'Akira',
'PLAY',
'FunkSec',
'Nation-state actors'],
'title': 'Ransomware Attacks Surge in 2024 as Payments Drop, Signaling '
'Tactical Shift',
'type': 'Ransomware',
'vulnerability_exploited': ['Weak authentication', 'Lack of MFA']}