The year 2024 saw a marked increase in the competence, aggression and unpredictability of ransomware attackers. Nearly all the key numbers are up — more ransomware gangs, bigger targets and higher payouts. Malicious ransomware groups also focus on critical infrastructure and supply chains, raising the stakes for victims and increasing the motivation to cooperate.
Here are the biggest ransomware stories of 2024.
Ransomware payments surged to record highs in 2024. In the first half of the year, victims paid a staggering 459.8 million USD to cyber criminals. The largest single ransom payment ever revealed was 75 million USD paid to the Dark Angels ransomware group by an undisclosed Fortune 50 company.
In addition, the median ransom payment skyrocketed from less than 199 thousand USD in early 2023 to 1.5 million USD in June 2024. The average ransom demand in 2024 also saw a significant increase, rising to 2.73 million USD, nearly 1 million USD more than in 2023.
Despite these record-breaking payouts, there was a 27.27% year-over-year decline in the number of ransomware payment events. That means that while fewer organizations pay ransoms, those who do pay face much higher amounts. The main reason is that ransomware gangs target larger organizations and critical infrastructure providers, focusing on high-profile attacks and yielding bigger payouts.
Ransomware attacks on healthcare organizations surged dramatically in 2024, with 264 attacks recorded in just the first three quarters of 2024. Some two-thirds (67%) of surveyed healthcare institutions reported being impacted by ransomware attacks, up from 60% in 2023. The average ransom demand per attack exceeded 5.2 million USD in the first half of 2024, with some high-profile incidents demanding up to $25 million. Recovery times have also increased, with only 22% of victims fully recovering within a week, down from 47% in 2023.
Supply chain management software provider Blue Yonder was victimized by a ransomware attack on November 21, 2024. The attack disrupted customers, including coffee giant Starbucks and its 11,000 or so United States stores. Starbucks’ ability to manage employee schedules and track work hours was affected, forcing the high-tech company to use pen and paper for scheduling and affecting payroll. Blue Yonder is working with external cybersecurity firms to investigate, but as of November 25, the company still does not have a timeline for restoration.
This year saw a 30% year-over-year increase in the number of active ransomware groups despite law enforcement crackdowns. Secureworks’ annual State of the Threat Report reveals that 31 new groups entered the ecosystem in just 12 months. When one group, such as LockBit, is suppressed by law enforcement, another, such as RansomHub, emerges to fill the vacuum. It’s a game of Whack-a-Mole for authorities.
Ransomware attacks on U.S. ports increased in 2024 in both frequency and sophistication. The Port of Seattle, for example, was attacked in August, causing major disruption. The U.S. government responded assertively. In February 2024, President Biden signed an executive order expanding the U.S. Coast Guard’s authority to address cybersecurity incidents in the maritime sector and mandating more robust digital defenses for port operators.
The importance of cybersecurity has never been higher. With ransomware groups’ increased sophistication and capability, defenders increasingly need AI threat detection and, indeed, AI cybersecurity solutions in general, as well as cybersecurity best practices across the organization.