The ransomware industry is thriving, not losing.
Despite various law enforcement wins against ransomware actors, like the sweeping takedown of LockBit and the seizure of Radar, hackers continue to reap the rewards of these data-theft attacks — and 2024 looks set to be their most profitable year to date.
That’s according to Allan Liska, a ransomware expert who serves as a threat intelligence analyst at cybersecurity firm Recorded Future. In an interview with TechCrunch in London earlier this month, Liska confirmed that 2024 is on track to be another record-breaking year for ransomware — with equally record-breaking ransoms paid by victims to hackers.
“The curve is going to flatten a little bit, which I guess is good news. But a record-breaking year is still a record-breaking year,” Liska told TechCrunch. “We’ve also this year, for the first time that I’m aware of, had four eight-figure ransoms paid.”
One of these eight-figure sums was the $22 million ransom that Change Healthcare paid to the Russian cybercrime gang ALPHV following the theft of highly sensitive medical data related to hundreds of millions of Americans. What followed, Liska said, was rampant in-fighting between the ransomware group and its affiliate, who carried out the hack on ALPHV’s behalf.
“If you wanted a reality show, this was it,” said Liska.
This apparent scrappiness is only likely to worsen as younger threat actors join the ransomware fray, as we’ve seen with highly skilled and financially motivated hackers like Lapsus$ and, more recently, Scattered Spider. This loose-knit group of predominantly teenage, native English-speaking hackers has carried out some of the most disastrous cyberattacks in history, such as the breach of MGM Hotels, and has suspected links to the recent cyberattack on Transport for London.
The disjointed nature of these attackers is evidenced by the rise in data theft-only attacks, which have increased by more than 30% in 2024, according to Liska. “That is up significantly from just a couple of years ago,” he told TechCrunch. “A lot of the newer threat actors just don’t want to deal with encryption, decryption, or anything like that,” he said, referring to attacks that exfiltrate huge amounts of stolen data.
While the persistence of teenage hackers has already led to a rise in extortion-only attacks, that might be just the tip of the iceberg. Liska warns that these scrappy threat actors could choose to skip data theft entirely and decide to steal money directly from cryptocurrency exchanges instead. Worse, Liska warns that the fight against ransomware can spill into real-world violence, describing escalatory extortion tactics by groups like Scattered Spider, which use real-world information against their targets if their victims say they won’t pay a ransom.
The outcome of the upcoming U.S. election could also have a major effect on the future of ransomware.
Liska notes that the global ransomware taskforce set up under the Biden administration has been a “huge benefit” to the fight against hackers, thanks to an increase in the sharing of intelligence between nations. Liska said that there is “a good chance that goes away” if the U.S. no longer shares intelligence with its allies under a successive Trump administration, which has promised wide-scale government deregulation.
“I don’t think that’s something we’re prepared for — and we could see even more of an acceleration of ransomware attacks if law enforcement is less able to do their job,” said Liska.
Under the previous Trump administration, “we saw WannaCry and NotPetya, and there was no immediate response,” said Liska.
What’s the solution? According to Liska, who said at TechCrunch Disrupt 2023 that banning ransomware payments wasn’t the answer, doing so is now the only solution.
“We’ve had 20-plus law enforcement actions just this year against ransomware, and that is fantastic. But if we’re going to feed eight-figure ransom payments to these attackers then that changes the incentive model. You might get arrested, but on the other hand, you might get an eight-figure ransom payment, that’s a challenge that is hard to resist.”
“My answer is: ban ransom payments, which is a terrible solution, but it may be the least bad solution that we have,” Liska added.