Connect with us

Hi, what are you looking for?



The Ransomware Threat in 2024 is Growing: Report

Anyone who believes ransomware will go away doesn’t understand the nature of criminality. Extortion has and always will be a primary criminal business plan.

Ransomware Report

Almost all aspects of ransomware worsened in 2023 compared to 2022. Noticeably, criminals are increasingly focused on data extraction without necessarily using encryption payloads. The implication is the ransomware threat will continue to increase and evolve in 2024.

This is the only conclusion possible from a survey report published by Delinea. More than 300 US IT and security decision makers in multiple verticals were surveyed, and 2023’s results compared with the previous year’s survey.

The biggest problem with any survey is the degree of subjectivity involved in the analysis, and the inevitably small sample used, making it scientifically unfounded. At the same time, purely coincidentally, all surveys tend to recommend the publisher’s own products as a solution to the issues raised by the survey. We cannot escape from the reality that surveys are produced primarily for marketing purposes.

For such reasons, SecurityWeek has largely applied its own subjective analysis to the respondent facts surfaced by the survey.

The volume of ransomware attacks is not a constant and can be affected by many short term factors (take downs, criminal retirements, retooling, etcetera). 2022 showed a reduction, and some commentators suggested that the tide was turning against ransomware. 2023 has demonstrated this was a false dawn, with more than twice the number of victims in 2023 compared to 2022. 

Anyone who believes ransomware will go away doesn’t understand the nature of criminality. Extortion has and always will be a primary criminal business plan. The current Delinea report demonstrates that the delivery of extortion can be fine-tuned (the evolution from encryption to data exfiltration), but the purpose remains the same, and the incidence will continue to increase.

The success of this business plan is demonstrated by an increase in the number of victims who have paid the ransom — up from 68% to 76% (and remember that is 76% of a higher number of victims). What cannot be measured is the effect of cyberinsurance on ransomware delivery and response. Some commentators believe that attackers look for victims with cyberinsurance, and the report notes, “One reason for the willingness to pay may be the rise of cyberinsurance.”

Insurance provides a financial safety net, making the decision to pay an easy option. This safety net may also partly explain why security budgets have increased more for ransomware prevention than recovery, something also highlighted by the report. Prevention can lead to lower premiums and may be an insurance condition, while the recovery costs are offset by insurance claims. If this assumption is correct, it helps to explain the increase in ransomware defense budgets coinciding with a decrease in recovery budgets – the latter now comes out of a possibly separate insurance budget.

Advertisement. Scroll to continue reading.

Delinea’s analysis of ransomware attacks in 2022 and 2023 also demonstrates the basic reactionary problem for cybersecurity practitioners. Victims cannot escape negative effects from an attack, but the response to those attacks comes after the attack. For example, lost revenue increased from 56% to 62% and reputational damage increased from 43% to 48% during 2022 and 2023. However, security budget increases simultaneously decreased from 76% to 61% in the same period — perhaps partly in response to the lower attack levels of the previous year than the current situation.

It is also noticeable that board-level concern is currently high (although sadly there is no comparison with the previous year’s figures). Fifty percent of respondents report that executive leadership always has ransomware as an item on the agenda, while a further 26% say it is a top priority that is frequently discussed. What we can’t tell from the survey is whether this concern is static, increasing or decreasing.

Interestingly, Delinea comments on this: “Executives and Boards are listening but not all are acting.” There are no details to justify this statement. It may well be true, but it is not proven by the survey.

One of the most interesting sections of Delinea’s survey reports on the criminal motivations (in addition, of course, to gaining money). The answers are subjective, but come from people in the trenches of ransomware defense. Data exfiltration has increased from 46% to 64%, while a simple ‘money grab’ has decreased from 69% to 34%. This clearly reflects the criminals’ fine-tuning of the extortion process.

Other motivations include supply chain attacks up from 44% to 55% (reflecting increasing criminal professionalism in choosing the potentially most rewarding paths); creating chaos (up from 39% to 51%) and geopolitics and activism (up from 26% to 32%).

Overall, Delinea’s State of Ransomware 2024  (PDF) report tells us that ransomware quite closely parallels the overall cybersecurity ecosphere: it’s getting worse. This is perhaps not surprising when ransomware is a tool used by both cybercriminal groups (who are getting more professional and more sophisticated), and nation-state actors (who are becoming more active in an era of extreme geopolitical tensions).

Learn more at SecurityWeek’s Ransomware Resilience & Recovery Virtual Summit

Related: 1.5 Million Affected by Data Breach at Insurance Broker Keenan & Associates

Related: Schneider Electric Responding to Ransomware Attack, Data Breach

Related: Major US, UK Water Companies Hit by Ransomware

Related: Aviation Leasing Giant AerCap Hit by Ransomware Attack

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn about active threats targeting common cloud deployments and what security teams can do to mitigate them.


Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


A SaaS ransomware attack against a company’s Sharepoint Online was done without using a compromised endpoint.

Artificial Intelligence

The degree of danger that may be introduced when adversaries start to use AI as an effective weapon of attack rather than a tool...


Several major organizations are confirming impact from the latest zero-day exploits hitting Fortra's GoAnywhere software.

Data Breaches

Sony shares information on the impact of two recent unrelated hacker attacks carried out by known ransomware groups.