Ransomware in 2024: who are the biggest names?

The British Library experienced a ransomware attack from the group Rhysida in October. 500,000 files were then leaked, reportedly including personal information of customers and readers. Not only is did this constitute a significant data-breach - rebuilding their systems will reportedly incur costs of between £6-7m.

Weaknesses that ransomware groups seek to exploit

Small and medium businesses are often too resource poor to make items like cybersecurity a priority on their strategic agenda, and taking the British Museum as an example, the consequences can be devastating. They are limited often by funds, senior leadership with appropriate expertise, insight into past experience with cyber- attacks, and latest techniques to enhance their cyber defences.

Companies are often focussed on their product and service offering and building their brand to the detriment of security. Cyber criminals are aware of this drawback and exploit it through ransomware attacks.

Recent ransomware trends

The increase of AI has unfortunately contributed to the growth in ransomware, which reports suggest have doubled in number.

In 2023, the most prolific ransomware groups were Lockbit, BlackCat and C10p are infamous as per recent reports, while previously notorious Conti and Revil disintegrated. The new ones to look out for this year include MalasLocker, 8BASE, Akira.

The rise in Ransomware attacks on the one hand can be attributed to the rise of RaaS (Ransomware as a Service). Here, ransomware operators sell or rent the software to cyber criminals, who then each target their own victims. Yet to counter this, there is an increased awareness about cyber-vulnerabilities, allowing some businesses to detect these and other potential compromises sooner.

There is a corresponding increase in endpoint protection software to protect companies from attacks, but this increase is unlikely to be equal to the increase in availability and access to ransomware software available to criminals.

How to make your company cybersecure

Firstly, all companies should seek help and advice from Government/authorities (e.g., in the UK, this would be the National Cyber Security Centre). These organisations are designed to support organisations in specific areas to prevent and protect against cyber incidents.

Secondly, companies should look to employ a virtual CISO who may not be in-house, but has been hired to help cyber-secure the organisation and its cyber-assets.

Ultimately, prevention is better than finding a cure, and the best way to avoid cyber criminals is to make your company a hard target in the first place. Staff should be trained (including senior executives and board members) with cyber-awareness exercises to protect against phishing attempts, which are amongst the most popular and common vulnerabilities targeted by criminals. Critical data should be patched and backed up regularly.

But these things cannot be done unless companies get into the habit of making cybersecurity a standard board/C-suite agenda item. Though in the event of an attack, the deadline and the final amount that needs to be paid may be up for negotiation, the cost to the business will still be high. Bringing cyber conversations in the spotlight ought to be considered a necessity and not a luxury, which then enables necessary resources to be allocated to prevention.