Today, people around the world will head to school, doctor’s appointments, and pharmacies, only to be told, “Sorry, our computer systems are down.” The frequent culprit is a cybercrime gang operating on the other side of the world, demanding payment for system access or the safe return of stolen data.
The ransomware epidemic shows no signs of slowing down in 2024—despite increasing police crackdowns—and experts worry that it could soon enter a more violent phase.
“We’re definitely not winning the fight against ransomware right now,” Allan Liska, a threat intelligence analyst at Recorded Future, tells WIRED.
Ransomware may be the defining cybercrime of the past decade, with criminals targeting a wide range of victims including hospitals, schools, and governments. The attackers encrypt critical data, bringing the victim’s operation to a grinding halt, and then extort them with the threat of releasing sensitive information. These attacks have had serious consequences. In 2021, the Colonial Pipeline Company was targeted by ransomware, forcing the company to pause fuel delivery and spurring US president Joe Biden to implement emergency measures to meet demand. But ransomware attacks are a daily event around the world—last week, ransomware hit hospitals in the UK—and many of them don’t make headlines.
“There is a visibility problem into incidents; most organizations don’t disclose or report them,” says Brett Callow, a threat analyst at Emsisoft. He adds that this makes it “hard to ascertain which way they are trending” on a month-by-month basis.
Researchers are forced to rely on information from public institutions that disclose attacks, or even criminals themselves. But “criminals are lying bastards,” says Liska.
By all indications, the problem is not going away and may even be accelerating in 2024. According to a recent report by security firm Mandiant, a Google subsidiary, 2023 was a record-breaking year for ransomware. Reporting indicates that victims paid more than $1 billion to gangs—and those are just the payments that we know about.
A major trend identified in the report was more frequent posts by gangs to so-called “shame sites,” where attackers leak data as part of an extortion attempt. There was a 75 percent jump in posts to data leak sites in 2023 compared to 2022, according to Mandiant. These sites employ flashy tactics like countdowns to when the sensitive data of victims will be made public if they don’t pay. This illustrates how ransomware gangs are ramping up the severity of their intimidation tactics, experts told WIRED.
“Generally speaking, their tactics are becoming progressively more brutal,” Callow says.
For example, hackers have also begun to directly threaten victims with intimidating phone calls or emails. In 2023, the Fred Hutchinson Cancer Center in Seattle was struck by a ransomware attack, and cancer patients were individually sent emails threatening to release their personal information if they did not pay.
“My concern is that this will spill over into real-world violence very soon,” says Callow. “When there are millions to be had, they might do something bad to an executive of a company that was refusing to pay, or a member of their family.”
