The State of Ransomware in 2024

Introduction

As we journey through 2024, ransomware attacks continue to be a formidable adversary for organizations across North America. This year has already witnessed several significant incidents*, reflecting the relentless sophistication and persistence of ransomware attack groups. This blog provides an in-depth look of the current state of ransomware in the healthcare industry, spotlighting major events of 2024, exploring why healthcare remains a prime target, and comparing this year’s trends to those of the past three years.

Headline Events of 2024

Change Healthcare Crisis

In February 2024 Change Healthcare, a major player in healthcare technology was struck by a significant ransomware attack. The BlackCat group demanded and received a $22 million ransom, disrupting operations nationwide and affecting hospitals, pharmacies, and medical offices. This incident highlighted the critical vulnerabilities within the healthcare sector.

CDK Global Shutdown

In June 2024, CDK Global, a crucial software provider for car dealerships, faced a severe ransomware attack that halted services across 15,000 dealerships in North America. This incident demonstrated the extensive impact of such attacks on supply chains and service providers.

Ascension Health System Assault

Ascension Health System, one of the largest Catholic healthcare systems in the U.S., experienced a ransomware attack causing significant operational disruptions. This attack underscored the ongoing threat to healthcare institutions and the potential for widespread effects on patient care.

Why Healthcare is Under Siege

The healthcare sector has become a prime target for ransomware attackers. In an industry that faces constant emergencies, here are some of the top drivers that draw hackers in:

1. Critical Services: Healthcare organizations provide essential services, making them more likely to pay ransoms quickly to restore operations and avoid jeopardizing patient lives.
   
2. Valuable Data: Medical records contain sensitive personal information that is highly valuable on the dark web. These records can be sold for higher prices than other types of data, incentivizing ransomware attackers.
   
3. Operational Weaknesses: Many healthcare organizations rely on outdated infrastructure and may lack robust cybersecurity measures needed to fend off sophisticated attacks.
   
4. Regulatory Pressure: Healthcare organizations are subject to strict regulations regarding patient data. A breach can lead to significant fines and legal repercussions, further pressuring these entities to resolve incidents swiftly, often by paying ransoms.

A Glimpse Back: Ransomware Trends Over the Years

As technologies healthcare organizations use every day have evolved, so have those available to hackers. Since the widespread release of AI platforms, attacks are able to scale faster and create even more sophisticated ransomware attacks. Let’s take a look at the past four years to see how these attacks have been evolving:

2024: A Year of Challenges and Decreases

• Current Trends: The first half of 2024 has seen a 22% decrease in ransomware attacks compared to Q4 2023, attributed to successful law enforcement actions and better organizational preparedness.
• Ongoing Threats: Despite the decline, ransomware attacks remain a significant threat, with new groups emerging and existing ones adapting their tactics.

2023: The Record-Breaking Year

• Record Payments: Ransomware payments reached a record $1.1 billion, driven by sophisticated attacks on critical infrastructure and large corporations.
• Increased Sophistication: Ransomware  groups employed advanced techniques, including intermittent encryption and supply chain attacks, to enhance their success rates.

2022: A Year of Geopolitical Influence

• Geopolitical Impact: The war in Ukraine and increased law enforcement actions led to a temporary decrease in ransomware activities, particularly against groups like REvil and Conti.
• Ransom Payments: Payments decreased slightly but remained significant.

2021: The Rise of Double Extortion

• Ransom Payments: In 2021, ransomware payments totaled $983 million, driven by high-profile attacks on Colonial Pipeline and JBS Foods.
• Tactics: Double extortion tactics became prevalent, with attackers not only encrypting data but also threatening to release it publicly.

Calls to Action

In this rapidly evolving digital environment, organizations, especially those in the healthcare industry, must take action in developing a secure environment for their digital assets. It’s important to take a holistic approach to ensure you are protected from every endpoint. Here are some steps you can take to get started:

1. Enhance Cybersecurity Measures: Organizations must invest in advanced cybersecurity tools and practices to protect against evolving ransomware threats. Regularly update and patch systems, implement multi-factor authentication, and conduct frequent security audits.
   
2. Employee Training: Conduct regular training sessions to educate employees about the latest phishing techniques and ransomware tactics. Empower them to recognize and respond to potential threats. Train employees on the context of the attack, rather than looking for misspellings or suspicious URLs.
   
3. Develop an Incident Response Plan: Create and regularly update a comprehensive incident response plan that outlines steps to take in the event of a ransomware attack. Ensure all employees are familiar with the plan and their roles within it.
   
4. Collaborate and Share Intelligence: Engage in information-sharing initiatives with other organizations, cybersecurity firms, and government agencies. Collaboration can enhance collective defenses and provide early warnings about emerging threats.
   
5. Invest in Cyber Insurance: Consider obtaining cyber insurance to mitigate the financial impact of a ransomware attack. Ensure the policy covers ransomware incidents and includes provisions for recovery and legal support.

Conclusion

Ransomware attacks continue to pose a significant challenge in 2024, with healthcare remaining a prime target due to its critical services and valuable data. While there has been a decrease in the frequency of these attacks, their sophistication and impact continue to grow. Cybersecurity leaders must stay vigilant, adopting proactive measures and fostering international cooperation to effectively combat the ransomware attack threat. As we move forward, the combined efforts of organizations, governments, and cybersecurity professionals will be crucial in mitigating this persistent menace.

Thinking about how you can protect your organization’s data from the growing ransomware attacks? Reach out to our team of experts to learn how a wholistic approach can help safeguard your digital assets.

*Interested in learning more about the impacts of ransomware across industries? Check out the following episodes from our Behind the Shield podcast for a deeper dive:

https://www.podbean.com/ep/pb-4yxg6-16263ae May 2024 episode, Hot topic “do bounties for ransomware work?”

https://www.podbean.com/ep/pb-mvqtd-1559aad January 2024 episode, Hot Topic: Impact of ransomware on hospital patients

https://www.podbean.com/ep/pb-tvmcm-1439f71 June 2023 episode, Spotlight from Arista: “IoT, Ransomware, Insider Threats and Your Data: Threat Hunting to the Rescue”