How many times are you going to think about ransomware in 2024?


In 2023, we saw the popular trend of asking "how many times a week do you think about the Roman Empire?", and as an avid Roman Empire fan, my answer was a lot. In fact, the fall of the Roman Empire can be easily compared to ransomware breaches.

In 410 AD, the impenetrable walls of Rome were breached by the Visigoths, signaling an end to the once-mighty empire. The reason for the defeat of the Romans was complacency -- the walls and other defenses were in a state of disrepair, and Rome lacked a substantial military presence.

The lesson of this story can also be applied to ransomware protection. Failing to build an adequate protective layer of tools and technologies, combined with an overstretched security team, can result in a devastating breach.

Ultimately, ransomware continues to be an ongoing issue for organizations, and 2024 shows no sign of letting up. As pointed out by Emre Tezisci, Product Marketing Manager, Zero Trust at Barracuda: "Several large mass ransomware attacks used exploits in software and weaknesses in IT supply chains to target multiple companies.

"For example, the MOVEit mass cyberattack, which exploited a data transfer software product, impacted millions of individuals and thousands of companies."

So, as 2024 approaches, how can organizations prepare themselves against ransomware attacks and what can we expect from ransomware actors over the next year?

For Michael Adjei, Senior Systems Engineer at Illumio, the battle of the ransomware payloads will turn attention to fragile software supply chains. "In 2024, we will see a huge increase in attacks on the software supply chain," said Adjei.

"Ransomware gangs know that most company supply chains are very fragile and are working to build the ultimate payload to compromise as many systems, as quickly as possible. Critical national infrastructure will be the primary target because threat actors ultimately want to get paid, and these organizations are more likely to have insurance," he continues.

Stephen Robinson, Senior Threat Intelligence Analyst at WithSecure, warns that there will be more exploits like MOVEit in 2024.

"For a ransomware group, access to large volumes of valuable data is the end goal; they had no need to go further into the network than the exposed, vulnerable MOVEit servers," said Robinson. "I expect to see more copycat attacks where the value is the exploited server itself, not the access it provides to the rest of the network."

The exploitation of file transfer vulnerabilities by ransomware actors has certainly been a key theme in 2023. Raj Samani, SVP Chief Scientist at Rapid7, said such campaigns show change is brewing among ransomware actors.

“Rapid7 has observed an increasing number of zero-day vulnerabilities being exploited by ransomware groups, and it’s unlikely this trend will abate. Forget the mindset that ransomware actors just go after ‘the low-hanging fruit;’ they are now exploiting zero-day vulnerabilities at mass scale.

"This trend is seeing criminal groups that, to date, have not demonstrated any real capable skills in gaining access to previously unidentified vulnerabilities, exploit them and gain a foothold into victim networks. This demonstrates that potentially something is afoot in the ransomware ecosystem."

When it comes to ransomware attacks, evasion has always been key to actors, and their tactics will evolve to avoid detection. "We should expect to see ransomware groups leveraging new techniques in Endpoint Detection & Response (EDR) evasion, quickly weaponizing zero days as well as new patched vulnerabilities, making it easy for them to bypass common defense strategies," said Kev Breen, Director of Cyber Threat Research at Immersive Labs.

The other goal is, of course, to gain ransom payments from victims. Darren Williams, CEO at BlackFog, argues they will employ new tactics to make this happen.

"Ransomware gangs will look for new ways to force victims into paying," said Williams. "We have already seen gangs contact the SEC directly, reporting victims immediately to inflict maximum damage, forcing regulatory, reputational and class action liabilities. We expect this is just the beginning of several new tactics to maximize payouts."

In 2024, not only will ransomware actors evolve, but also nation-state groups in general. "Geopolitical tensions will continue to spill over into cyberspace, leading to nation-state-sponsored cyber espionage and disruptive attacks," said Joseph Carson, Chief Security Scientist & Advisory CISO at Delinea.

Aaron Kiemele, CISO at Jamf, argues that major conflicts and elections will be the main reasons for attacks in 2024.

"Major elections taking place across the world as well as the continued conflict in Ukraine and Israel will drive increased cyberattacks from state-sponsored groups," said Kiemele.

"Organizations of all sizes will need to ensure they are not the weak link that allows adversaries access to their partners and customers. Cybersecurity teams should expand their protection, detection, and response capabilities with nation state campaigns in mind."

Dave Spencer, Director of Technical Product Management at Immersive Labs, said that Russia, China, North Korea, and Iran will be the countries primarily responsible for malicious nation-state cyberattacks.

"Countries are deploying destructive malware, and more sophisticated attacks are expected, which poses major threats to the supply chain. This will, and should, be a major risk factor for all security leaders to consider in 2024.

“It’s positive to see regulatory efforts such as the Digital Operational Resilience Act (DORA) -- which will come into effect in January 2025 -- and points to more countries introducing and collaborating on like-minded efforts.”

For organizations, 2024 will be another year plagued by ransomware. For businesses to stay safe, they need to remember the moral of the Roman Empire’s story: complacency is dangerous.


Robin Campbell-Burt is CEO at Code Red.
