Delinea: Ransomware on the Rise Despite Change in Tactics

Privileged Access Management (PAM) company Delinea published its annual “State of Ransomware” report, noting that attacks of this nature are again rising amidst a change in cyber-criminal strategy. Delinea’s “State of Ransomware 2024: Anticipating the Battle and Strengthening Your Defenses,” analyzed data from a Censuswide survey of more than 300 U.S. IT and security decision-makers to identify significant over previous trends.

Instead of the traditional tactic of crippling a company and holding it hostage, new focuses have been placed on using stealth to exfiltrate private and sensitive data, then threatening to sell it to the highest bidder.

Although not back to 2021 levels, the number of organizations claiming to have been victimized by ransomware in the past 12 months more-than-doubled since last year, from 25 to 53 percent, with 65 percent of mid-sized companies falling victim. Organizations are also paying ransoms more frequently, rising to 76 percent from last year’s 68percent.

More striking, however, are the emerging trends in motivations, strategies, and tactics that the survey revealed. Data exfiltration registered a surge of 39 percent (reported by 64 percent of respondents). This trend is also evidenced by the significant downturn of traditional money grabs as the main motivation (34 percent, down from 69 percent one year prior).

“Ransomware certainly appears to have reached a critical sea change – it’s no longer just about the quick and easy payout,” said Delinea President, Rick Hanson. “Even as organizations are investing more in safety nets like cyber insurance which often have ransomware payouts included in coverage policies, cybercriminals are finding that using stealth tactics to stay under the radar and access sensitive, valuable information to sell is the better investment of their effort.”

Cyber-criminals also modified their tactics to shift from using email as a preferred attack vector (37 percent, down from 52 percent), instead targeting cloud (44 percent) and compromised applications (39 percent).

Contrasting trends emerged around the measures organizations have in place against ransomware. While 91 percent of those surveyed indicated that they have specific budget allocations for ransomware (up from 2022’s 68 percent), just 61 percent (down from 76 percent) said security budgets were allocated following an attack. Despite feeling they could bolster defenses by investing in critical areas such as PAM (28 percent, from 16 percent), respondents seemed to lack clarity on how increased spending would help improve security. Despite reservations, however, 76 percent of companies reported that their leadership is concerned about ransomware, albeit perhaps only after an attack.

“The changing strategies and tactics in ransomware attacks require a layered approach to security that mitigates the risk of unauthorized access, even when credentials are compromised,” said Joseph Carson, Advisory CISO and Chief Security Scientist, Delinea. “It also shows the critical role privileged access plays in overall cybersecurity postures.”