Skip to main content

Ransomware in 2024: who are the biggest names?

Franck Do WZMPZ M9s unsplash

The British Library experienced a ransomware attack from the group Rhysida in October. 500,000 files were then leaked, reportedly including personal information of customers and readers. Not only is did this constitute a significant data-breach - rebuilding their systems will reportedly incur costs of between £6-7m.

Weaknesses that ransomware groups seek to exploit

Small and medium businesses are often too resource poor to make items like cybersecurity a priority on their strategic agenda, and taking the British Museum as an example, the consequences can be devastating. They are limited often by funds, senior leadership with appropriate expertise, insight into past experience with cyber- attacks, and latest techniques to enhance their cyber defences.

Companies are often focussed on their product and service offering and building their brand to the detriment of security. Cyber criminals are aware of this drawback and exploit it through ransomware attacks.

Recent ransomware trends

The increase of AI has unfortunately contributed to the growth in ransomware, which reports suggest have doubled in number.

In 2023, the most prolific ransomware groups were Lockbit, BlackCat and C10p are infamous as per recent reports, while previously notorious Conti and Revil disintegrated. The new ones to look out for this year include MalasLocker, 8BASE, Akira.

The rise in Ransomware attacks on the one hand can be attributed to the rise of RaaS (Ransomware as a Service). Here, ransomware operators sell or rent the software to cyber criminals, who then each target their own victims. Yet to counter this, there is an increased awareness about cyber-vulnerabilities, allowing some businesses to detect these and other potential compromises sooner.

There is a corresponding increase in endpoint protection software to protect companies from attacks, but this increase is unlikely to be equal to the increase in availability and access to ransomware software available to criminals.

How to make your company cybersecure

Firstly, all companies should seek help and advice from Government/authorities (e.g., in the UK, this would be the National Cyber Security Centre). These organisations are designed to support organisations in specific areas to prevent and protect against cyber incidents.

Secondly, companies should look to employ a virtual CISO who may not be in-house, but has been hired to help cyber-secure the organisation and its cyber-assets.

Ultimately, prevention is better than finding a cure, and the best way to avoid cyber criminals is to make your company a hard target in the first place. Staff should be trained (including senior executives and board members) with cyber-awareness exercises to protect against phishing attempts, which are amongst the most popular and common vulnerabilities targeted by criminals. Critical data should be patched and backed up regularly.

But these things cannot be done unless companies get into the habit of making cybersecurity a standard board/C-suite agenda item. Though in the event of an attack, the deadline and the final amount that needs to be paid may be up for negotiation, the cost to the business will still be high. Bringing cyber conversations in the spotlight ought to be considered a necessity and not a luxury, which then enables necessary resources to be allocated to prevention.

Published 10 January 2024
Topics:
Leading insights AI and automation

You might also like

Towards zero-carbon homes

12 October 2020
Leading insights

#NAW 2022: How to support your apprentice

10 February 2022
How can businesses make the most of their apprentices, and support them in the process? Dr Dorota Bourne, Academic Head of Apprenticeship Programmes at Henley Business School, shares her top tips for businesses.
Leading insights

Iceland's four-day week: Lessons on workload and flexibility

8 July 2021
Dr Rita Fontinha looks at Iceland's recent trial of a shorter working week and its consistency with Henley's research findings on the four-day week.
Leading insights Flexible working