Ransomware Attacks Continued To Increase during 2024's Final Quarter

Organizations experienced an increase in ransomware attacks during the fourth quarter of 2024, according to the Q4 2024 Cyber Threat Report from The Travelers Companies, Inc.

The report, which is based on data collected from ransomware leak sites, showed ransomware groups using repeatable attack methods such as targeting virtual private network accounts that had weak credentials and were not protected by multifactor authentication (MFA).

"Based on our observations, it's clear that basic attack techniques are still highly effective for ransomware groups," Jason Rebholz, vice president and cyber-risk officer at Travelers, said in a statement. "These groups have been on the offensive, proactively hunting for targets and having significant success. It's vital that businesses implement proven security controls, such as MFA, to make it far more challenging for malicious actors to carry out an attack on their organization."

The report found an increase in new ransomware groups, demonstrating a growing number of smaller, more agile threat actors in the cyber-crime ecosystem, the insurer said. According to Travelers, the formation of those new groups can be attributed to several factors, including law enforcement's disruption of several well-established Ransomware-as-a-Service platforms.

Among the trends standing out in the report was the increased targeting of information technology services and consulting firms, Travelers said. Those organizations serve as intermediaries for other industries, amplifying the impact on a ransomware attack through the organizations' connections to multiple clients, Travelers said.

Looking at particular industries, Travelers found that the construction sector remained a primary target of ransomware attacks in 2024, while hospitals and healthcare organizations also continued to face persistent threats.