It’s 2025, and you know what that means—time to go over what happened in the world of ransomware in 2024.
“I would say 2024 went full-on,” Christiaan Beek, senior director of threat analytics at Rapid7, told IT Brew. “It was a year full of attacks, after attacks, after attacks.”
Cash money. Rapid7’s new report on ransomware in the last year found that, unsurprisingly, the increase in attacks from ransomware gangs spiked again. Potential revenue from attacks could reach $380 million, Rapid7 surmised based on a median reported ransom payment of $200,000 per attack, meaning there’s a lot of money on the table for those willing to take it. To Sebastian Straub, principal solutions architect at N2WS, the next year promises to be more dangerous.
“I’m very afraid of the things we’re going to see in 2025, because even if you look at 2024 the attacks were, I know it sounds crazy...minor attacks,” Straub said. “I think we’re going to see tremendously larger attacks in 2025.”
An earlier 2024 ransomware report from Rapid7 found that groups are sharing tech and source code. That indicates communication between the gangs and, importantly, the continued proliferation of criminal SaaS. Such overlap “signals the utilization of common builders as well as possible code exchange between different threat actors,” according to the earlier report.
“There are some groups still working together, but I think that’s just purely from a code base that they work together on,” Beek said. “Like, ‘Hey, we have source codes, and each of us builds a different variant.’”
Top insights for IT pros
From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.
Making it big time. A report from NCC Group found that December 2024 saw the “largest number of attacks for the year, but also since we began recording ransomware data in 2021” since the organization began tracking the attacks in 2021. For Straub, the danger of ransomware is going to reach through 2025 and beyond. He noted to IT Brew that the use of AI in developing attack strategies is leading to more efficient, dangerous hacks and that threat actors are increasingly targeting interconnected systems. On the other hand, the technology isn’t only in the hands of the bad guys.
“Firewalls and defense systems are going to implement AI as well,” Straub said. “So, it’s almost going to be a Cold War.”
A sustained and globally coordinated effort is needed to push back on the attacks, Straub said. Without a community effort targeting the attackers, change is unlikely. But the existence of the Ransomware Task Force, as well as laws focused on curbing the hacker tactic in countries like Australia and the UK, are hopeful signs.
“The US is going to follow,” Straub said, “but probably not going to be the first one to plant their flag into that stake.”