Analysis of data logged by the Barracuda Managed XDR Security Operations Center shows ransomware threats have increased by four times over the last year.

In 2024, Barracuda Managed XDR logged 11 trillion IT events -- 350,000 per second. Just over a million were flagged as a potential risk and of these, 16,812 were identified as high-severity threats that required immediate defensive action. That’s a small percentage but highlights the need for powerful engines, analysis tools and human expertise to detect them.

Overall, the number of high-severity threats has been relatively constant across the year, the exception being ransomware.

"This rise is likely driven by the prevalence of Ransomware-as-a-Service (RaaS) offerings. The developers behind RaaS platforms often have the time, resources, and skills to invest heavily in advanced and evasive toolsets and templates. The RaaS operational model also extends the pool of attackers deploying ransomware, bringing it within reach of anyone willing to lease and leverage the kits," writes Eric Russo, director, SOC defensive security, Barracuda Managed XDR, on the company’s blog.

The most common detections include those for network traffic coming from known malicious or unusual IPs or geolocations; Microsoft 365 'impossible travel' detections where two consecutive logins to the same account are geographically too far apart for them both to be legitimate; and mass targeted password spray attacks to see if a known or common combination succeeds in compromising an account.

Russo concludes, "Attackers will exploit every security gap they find to further their attacks. A comprehensive XDR solution that integrates network, endpoint, server, cloud, and email security, even when the tools come from different vendors, means that every corner of the digital infrastructure is monitored and protected with advanced security measures and a full spectrum of defensive tools, combined with proactive threat hunting and response strategies. This allows for swift action and minimizes the window of opportunity for threat actors."
