Virtualization Technology News and Information
Halcyon 2024 Predictions: The Top 5 Ransomware Trends Shaping the Cybersecurity Landscape


Industry executives and experts share their predictions for 2024.  Read them in this 16th annual VMblog.com series exclusive.

The Top 5 Ransomware Trends Shaping the Cybersecurity Landscape

By Jon Miller, CEO and co-founder of Halcyon

Last year, we saw explosive growth in ransomware operators, variants, affiliate threat actors, and total dollar losses to victim organizations. Businesses of all sizes are increasingly the target of lucrative ransomware attacks, with ransom demands and recovery costs bleeding victim organizations for millions of dollars, underscoring the magnitude of the growing threat of unrelenting ransomware groups like LockBit and CL0P.

As we head into 2024, Halcyon CEO and co-founder Jon Miller shares his top predictions on what cybersecurity leaders can expect in the coming year:

A Linux-based ransomware attack on critical infrastructure is coming. In 2024, organizations will need to focus on properly securing Linux systems.

Linux systems run the most critical operations, including a good deal of our nation's critical infrastructure. It is thus unsurprising that more ransomware groups are introducing Linux versions. We witnessed this in 2023 with new emerging Linux versions from Black Basta, IceFire, HelloKitty, BlackMatter, AvosLocker, and more. These groups are preparing to launch a Linux-based attack on critical infrastructure because, if they are successful, it would cause a catastrophic event that makes the Colonial Pipeline attack look like a blip in comparison. Businesses must be prepared for this growing threat.

More ransomware groups will move away from dropping ransomware payloads in favor of source code leaks and straight data extortion.

More groups will move away from dropping a ransomware payload as more source code is leaked and more decryptors are released. Data extortion will become the tactic of choice because it's a less expensive operation and is still very profitable. Groups like BianLian, Cl0p, RAGroup, Stormous, Everest, KaraKurt, and ArvinClub have already moved in this direction. The trend is not likely to mean an end to ransomware payloads, but may be indicative of a change in focus in the cybercrime community.

The few remaining cyber insurance policies that offer comprehensive ransomware coverage will scale back in 2024.

Most organizations that don't already have cyber insurance policies that cover the cost of a cyberattack or data breach event are likely seriously considering them. The increased risk of ransomware attacks in recent years has made cyber insurance even more appealing. But today, most insurers don't cover all of the potential losses related to ransomware, and those that do have significantly increased premium costs. Cyber insurance simply cannot quantify the risk of ransomware and accurately set premiums. This calls into question whether cyber insurance is the right anti-ransomware solution at all.

For cyber insurance policies that do offer ransomware coverage, most will no longer cover ransom payments, and many unfortunate organizations will likely find out after they're attacked that their policy only covers a fraction of the costs/losses/remediation. Cyber insurance is not always a viable option for all organizations, and it's certainly not for companies who think they can indemnify instead of investing in security. For a policy to be in force, the organization needs to have an extensive accounting of its security program. If and when the time comes to submit a claim, if the organization is out of compliance - for example, if it did not apply patches in a timely manner or misconfigured security applications - it will be disappointed to find that its policy does not cover the attack.

More hospitals will experience negative patient outcomes as ransomware attacks on the healthcare sector continue.

In 2023, the healthcare sector saw no mercy from ransomware groups. In the first half of the year alone, 15 healthcare systems operating 29 hospitals were hit by ransomware attacks. Furthermore, nearly 300 healthcare providers have been victims of ransomware so far. This is because healthcare systems house some of the most sensitive data, and this yields a higher return on investment for financially motivated attackers. Last year, St. Margaret's Health in Spring Valley, Illinois, shut its doors, crediting a ransomware attack as one of the main reasons. Unfortunately, we expect the same to happen to more hospitals in 2024.

The most active ransomware groups in 2024 will be 8Base, Cactus, Play, NoEscape, LockBit, Cuba, and Rhysida.

Quarter after quarter, we have continued to observe the activity of top ransomware gangs and the percentage of known successful attacks. Based on our continued quarterly analysis of ransomware gang activity in the Ransomware Malicious Quartile, we expect 8Base, Cactus, Play, NoEscape, LockBit, Cuba, and Rhysida to be the most active threat actors in 2024. Our research indicates a worrying surge from these ransomware groups, with attacks becoming more sophisticated and efficient. We have seen BlackCat/ALPHV, LockBit, and 8Base become some of the most active RaaS platforms, and we expect them to be among the top attack groups in 2024. 8Base, in particular, has quickly risen through the ranks of active ransomware operators with a high volume of attacks quarter over quarter, making them one of the most active groups. These organizations demonstrate that the cybersecurity industry has not even begun to curb the ransomware problem, and it is only a matter of time before we see disruptive attacks against our critical infrastructure providers from these major threat actors.

The new year is here, and ransomware is not going anywhere anytime soon. As ransomware continues to evolve, organizations must fortify their defenses against the rapidly growing and sophisticated threat landscape. Ransomware remains one of the biggest threats to any organization today, and we can't effectively address the threat if we don't fully understand it. In 2024 and beyond, organizations need a robust prevention and agile resilience strategy to turn the tide and defend against the impending wave of ransomware attacks.


ABOUT THE AUTHOR

Jon Miller 

Jon is the CEO and co-founder of Halcyon, the first anti-ransomware and cyber resilience platform. Prior to Halcyon, Jon was CEO and co-founder of Boldend, a next-generation defense contractor focused on building offensive cyber tools for the US Government. Before Boldend, Jon held the title of Chief Research Officer at Cylance (now BlackBerry), where he led teams of data scientists, expert reverse engineers, and malware analysts to ensure Cylance's endpoint products were effective against modern cyber threats. Prior to Cylance, Jon was VP of Accuvant Labs (now Optiv), where he built and led the advanced consultancy group that secured 95%+ of the Fortune 500 companies. Jon began his career in the early days of the industry as a penetration tester and managing consultant at Internet Security Systems (now IBM) X-Force. Jon is frequently featured in the media as an expert in information security and nation-state cyber warfare. He has given talks at all major security conferences and has been featured as a guest on 60 Minutes multiple times.

Published Tuesday, January 30, 2024 7:34 AM by David Marshall