Major businesses and organisations have been victims of ransomware attacks in 2023, from the Royal Mail to the British Library and the file transfer service MOVEit, whose compromise allowed hackers to steal data from the United States Department of Energy, the BBC and British Airways.

Ransomware attacks have substantially increased in 2023. Not only did ransom payments reach an all-time high of $1.1bn, but the number of gangs has multiplied, the scale of attacks has escalated, and groups have refined their methods.

Changing or improving attack tactics is at the core of ransomware gangs’ activity. One reason for this is the arms race between cyberattackers and cybersecurity experts, with one side relentlessly developing malware and the other developing decryptors to fight it.

But while constant updates are central to the way these attacks work, recent months have been marked by a “substantial increase in the scope and complexity of attacks”, as noted by a Chainalysis report. This raises the question of how the ransomware trends that emerged in 2023 will evolve in the near future, and what businesses should be prepared for.

What ransomware trends emerged in 2023?

The unprecedented amount generated by ransom payments in 2023 is not the only striking phenomenon that emerged from recent ransomware trends. The growing number of gangs largely opted for “big-game hunting” tactics, meaning they conducted fewer attacks – but considerably more impactful ones.

This strategy was employed with great success by users of Cl0p, a type of malware that focuses on exploiting zero-day vulnerabilities to “extort many large, deep-pocketed victims en masse”, the Chainalysis report says.

The report also found that the increased number of ransomware gangs reflects easier entry to the field for new cybercriminals, which in turn is linked to the rise of a new business model for established criminal groups, the so-called “ransomware-as-a-service” (RaaS) model. Under this model, experienced ransomware operators offer their ransomware as a service, further increasing their revenues.

What can we expect for ransomware in 2024?

2024 “will not be an exception” in the escalation of ransomware trends, says Martin Zugec, Technical Solutions Director at Bitdefender. However, the increasing quantity – and scale – of attacks is not the only issue businesses should be prepared for. “While we are calling it the same name, it’s quite a different beast than it was before. A more accurate name is the criminal profit-sharing business model,” Zugec explains. “And yes, it will continue growing.”

Ransomware gangs have already started expanding, notably by adopting RaaS models. But this development is set to engender even more tactics revolving around the “professionalisation of opportunistic attacks”, Zugec says. For example, gangs can now be expected to coordinate ransomware attacks in order to increase pressure on victims.

Experts also predict an increased use of AI in attacks. The technology has gained significant momentum in recent years and is being applied across various disciplines, and ransomware is no exception. Most attacks still start with a phishing email, which Large Language Models (LLMs) have made “much harder to detect with the naked eye”, Zugec says. LLMs are also likely to be used to create “customised, [although] not necessarily more sophisticated malware.”

In today’s RaaS landscape, Zugec also expects “to see attacks becoming much more indiscriminate”. While ransomware operators used to have something of a code of conduct, which involved staying away from life-or-death targets like hospitals, emerging trends and recent attacks show that “no target is off the table”, according to Bitdefender’s Technical Solutions Director.

How to counteract emerging ransomware trends

Awareness and relevant responses to ransomware trends are undoubtedly the most effective steps against malware.

In fact, the National Cyber Security Centre and other public bodies strongly advise against paying ransom to recover data, as it “can increase the likelihood of being retargeted and does not guarantee stolen information will not be leaked after.” Still, a Veeam 2023 ransomware trends report found that 80% of the 1200 surveyed businesses decided to pay a ransom – with 21% of them not being able to recover their data afterwards.

But with new trends comes the need for new prevention methods. The growth of big-game hunting, for example, highlights a shift towards less targeted and more opportunistic attacks, leveraging vulnerabilities in popular business platforms, Zugec explains. With zero-day vulnerabilities being detected and exploited by gangs increasingly early, “organisations who take longer than one day to patch, immediately place themselves in the crosshairs of attackers,” he says.

Again, prevention is key. Because data encryption or exfiltration is the final stage of a complex operation, a layered defence-in-depth strategy based on system hardening, automated patching and endpoint protection is necessary to protect against ransomware attacks.

For Zugec, effective security that can quickly detect and eliminate ransomware threats “should be top of mind for every IT manager and CISO.”
