Ransomware attacks increased by nearly 20% in 2024, and the severity rose by 13%, according to At-Bay.
The blast radius of ransomware continues to grow as businesses impacted by attacks on vendors and partners increased 43%, while the average cost of these third-party incidents jumped by 72%.
“Remote access tools like VPNs and RDP continue to attract a high level of attention from cybercriminals. In 2024, they were correlated with 80% of ransomware attacks, up from 63% the year prior,” said Adam Tyra, CISO for Customers at At-Bay. “VPNs alone were a factor in 2 of 3 ransomware incidents. This problem isn’t going away for mid-market businesses. They need to upgrade to safer alternatives or consider getting support with patching and configuration management to lower their risk from operating these tools.”
Ransomware incidents increase in frequency
Ransomware returned to 2021 levels, with the frequency of attacks increasing by 19% in 2024 vs. 2023. Mid-sized companies generating $25-100 million in revenue were hardest hit, seeing a 46% increase in ransomware claims.
Losses related to a ransomware attack on a third-party vendor or partner increased by more than 40%, with costs jumping 72% to $241,000. This is due to the range of damages that can occur from a supply chain incident. Close to 50 ransomware groups were implicated in attacks in 2024, a 3X increase from 2021.
In previous years, the perceived reliability of a criminal group was a significant factor for victims in determining whether to pay extortion demands. Victims were naturally reluctant to pay ransom demands for groups that were observed to not hand over decryptor tools as promised or leak stolen data after saying they wouldn’t.
However, with the explosion in the number of ransomware groups and affiliates currently operating, victims can be less sure of who they’re actually dealing with, and the threat actors themselves have less incentive to preserve the reputation of their affiliated group, since they can simply reaffiliate or rename themselves tomorrow.
This means that criminal groups in 2024 were, on average, less shy about demanding outsized ransoms and less likely to see good-faith negotiation as a necessary element of the interaction with victims.
The vast majority of ransomware started with an attack on a remote access tool, which contributed to 80% of attacks. VPNs alone accounted for 66% of all ransomware attacks.
Manufacturers face the highest cyber claim frequency
Overall claims frequency increased by 16% in 2024. This increase was evidenced across all revenue bands, with larger companies experiencing the biggest increase.
Overall severity of claims dropped by 5%, yet ransomware severity increased by 13%. Email was the preferred entry vector for cybercriminals, driving 43% of claims.
Email has always been attractive to attackers due to the fact that it provides a common entry point among all types of businesses, making large scale social engineering campaigns easy to execute. But, the level of effort required for this tactic has been lowered in recent years by the adoption of GenAI tools that are used by attackers to create increasingly credible social engineering emails.
Manufacturers, for example, saw the highest claim frequency for any industry by far, experiencing nearly 2X claim frequency compared to the average. Financial fraud remained the most common incident type, accounting for 32% of all claims. 4 of 5 (83%) financial fraud claims began with email.
