Industry and Education in the Crosshairs of Ransomware Groups


In 2024, ransomware attacks are experiencing another renaissance despite the organized efforts of law enforcement. The most frequently attacked countries are currently the United States, the United Kingdom, and Italy, and the “manufacturing industry” is the most at-risk sector, accounting for 22% of all ransomware victims. The data stolen in a single attack can be worth thousands of dollars on the dark web, according to the latest Check Point Research report.

RansomHub, Play Ransomware, and Meow Ransomware are the three main ransomware groups threatening companies worldwide, demanding ransoms for encrypted and stolen data. The United States is currently having the most trouble with this kind of criminal activity. In September, as much as 48% of all victims came from the US.

But Europe is not safe either: among the main European targets of RansomHub are the United Kingdom, Italy, Spain, Germany, and France. Ransomware attacks carried out in these countries mainly focused on the industrial and service sectors. These two sectors represent 80% of all victims in Italy. In the UK, industry accounts for more than a third of all cybercrime targets. This is due, among other things, to the use of outdated security systems vulnerable to modern attacks.

Financial difficulties and staff shortages are making educational institutions easy prey. A lack of funds for developing cybersecurity infrastructure in schools and universities could lead to serious incidents in the coming years. Currently, organizations in the “research and education” sector make up about 13% of all victims.

Is Poland also being targeted?

Although Poland is not at the top of the victims list, it should remain vigilant, experts say. The theft of personal data, intellectual property, or information about the supply chain poses new legal challenges to Polish companies and risks damaging their reputation. The consequences for European countries are serious, and cybercriminals are aware that exposing sensitive information can persuade victims to pay a ransom. On darknet forums, the Meow group currently offers stolen data for amounts ranging from 500 to 200,000 dollars.

In Poland, hackers attack both large corporations and small businesses. The ransoms demanded are significantly smaller than those abroad. The reason for the difference, according to experts, is the smaller number of large entities operating in Poland. Cybercriminals demand smaller ransoms from companies in the SME sector, while significantly more is demanded from larger firms with several thousand employees.

Paying the ransom does not guarantee the recovery of all data and may encourage criminals to attack again, experts warn. They emphasize that any company, regardless of sector and level of preparedness, can fall victim to cybercriminals at any time.

As Rzeczpospolita reports, nearly 20 percent of companies in Poland have fallen victim to so-called ransomware, and almost 40 percent of them paid the criminals to avoid losing their data. One of the most publicized attacks occurred in July 2024 when the RansomHub group posted about a ransomware attack on the Polish Dealers Group (the 171st largest company in Poland), revealing the personal data of its clients.

Current landscape

The year 2024 brought drastic changes in the landscape of ransomware threats. Although Lockbit, once the dominant group, is going through a serious crisis, new threats have appeared in its place, including RansomHub, which quickly gained significance, putting pressure on organizations in the US and Europe.

RansomHub, which emerged in February 2024, was already responsible for 19% of all ransomware victims by September. This group’s operating model relies on RaaS, which allows affiliates to conduct attacks using the group’s infrastructure and tools. Interestingly, RansomHub introduced a remote data encryption feature, which helps avoid detection by traditional protection systems.

Sergey Shykevich, Product Group Manager and R&D at Check Point Software Technologies, says, “The rapid rise of RansomHub and their advanced tactics, such as remote encryption, shape the new ransomware landscape. It’s crucial for organizations to use modern solutions based on artificial intelligence and proactive threat prevention to get ahead of emerging threats.”

Lockbit’s fall: Has the golden age definitely passed?

Lockbit, which two years ago accounted for 40% of attacks, is struggling greatly after police operations in early 2024. In September, the group was responsible for only 5% of ransomware attacks, and 40% of them were “recycling” old data, suggesting that the group is trying to create the illusion of activity. Although its influence has waned, Lockbit still tries to stay in the market, utilizing its extensive network of collaborators and attacking profitable sectors like industry and logistics.

Criminal groups evolve and develop increasingly advanced techniques, including the “ransomware-as-a-service” (RaaS) model, where even individuals without extensive technical knowledge can launch attacks. The new standard appears to be data theft rather than encryption, which further complicates corporate defense.

Ransomware is becoming increasingly sophisticated, and cybercrime is becoming more organized. Experts believe that the key to protection is the implementation of systems based on artificial intelligence that enable early detection and neutralization of threats in real time. Additionally, a zero-trust architecture, meaning no trust for any user inside or outside the network, can significantly reduce the risk of an attack.

Source: https://managerplus.pl/cyberbezpieczenstwo-przemysl-i-edukacja-na-celowniku-grup-ransomware-88867
