Ransomware Extortion Drops to $813.5M in 2024, Down from $1.25B in 2023 - Related to has, ai-powered, threats, drops, social

Ransomware Extortion Drops to $813.5M in 2024, Down from $1.25B in 2023

Ransomware attacks netted cybercrime groups a total of $[website] million in 2024, a decline from $[website] billion in 2023.

The total amount extorted during the first half of 2024 stood at $[website] million, blockchain intelligence firm Chainalysis noted, adding payment activity slumped after July 2024 by about [website].

"The number of ransomware events increased into H2, but on-chain payments declined, suggesting that more victims were targeted, but fewer paid," the corporation introduced.

Adding to the challenges is an increasingly fragmented ransomware ecosystem, which, in the wake of the collapse of LockBit and BlackCat, has led to the emergence of a lot of newcomers that have eschewed big game hunting in favor of small- to mid-size entities that, in turn, translate to more modest ransom demands.

, the average ransomware payment in Q4 2024 was at $553,959, up from $479,237 in Q3. The median ransomware payment, in contrast, dropped from $200,000 to $110,890 quarter-over-quarter, a 45% drop.

"Payments continue to remain primarily a last-resort option for those who have no alternative to recover critical data," the organization expressed.

"Faulty decryption tools from both new and old ransomware strains and mounting distrust of threat actors' ability to honor assurances compound to drive victims away from the table unless they have no other option."

The decline in ransom payments have also been complemented by growing law enforcement success in dismantling cybercriminal networks and crypto laundering services, thereby disrupting the financial incentive and raising the barriers to entry.

That showcased, 2024 also witnessed the highest volume of annual ransomware cases since 2021, reaching a staggering 5,263 attacks, an increase of 15% year-over-year.

"With a crucial role in the global economy, Industrials experienced 27% (1424) of all ransomware attacks in 2024, increasing 15% from 2023," NCC Group expressed. "North America experienced over half of all attacks in 2024 (55%)."

The most commonly observed ransomware variants during 2024 were Akira (11%), Fog (11%), RansomHub (8%), Medusa (5%), BlackSuit (5%), BianLian (4%), and Black Basta (4%). Lone wolf actors captured an 8% market share during the time period.

Some of the new entrants observed in recent months include Arcus Media, Cloak, HellCat, Nnice, NotLockBit, WantToCry, and Windows Locker. HellCat, in particular, has been found resorting to psychological tactics to humiliate victims and pressure them into paying up.

"Both Akira and Fog have used identical money laundering methods, which are distinct from other ransomware strains, further supporting a connection between them," Chainalysis noted.

"Both groups have primarily focused on exploiting VPN vulnerabilities, which allows them to gain unauthorized access to networks and consequently deploy their ransomware."

A team of security researchers from Georgia Institute of Technology and Ruhr University Bochum has demonstrated two new side-channel attacks targeting......

The US Cybersecurity & Infrastructure Security Agency (CISA) has added four vulnerabilities to its Known Exploited Vulnerabilities catalog, urging fed......

A help desk phishing campaign targets an organization's Microsoft Active Directory Federation Services (ADFS) using spoofed login pages to steal crede......

AI-Powered Social Engineering: Reinvented Threats

The foundations for social engineering attacks – manipulating humans – might not have changed much over the years. It's the vectors – how these techniques are deployed – that are evolving. And like most industries these days, AI is accelerating its evolution.

This article explores how these changes are impacting business, and how cybersecurity leaders can respond.

Impersonation attacks: using a trusted identity.

Traditional forms of defense were already struggling to solve social engineering, the 'cause of most data breaches' . The next generation of AI-powered cyber attacks and threat actors can now launch these attacks with unprecedented speed, scale, and realism.

By impersonating a French government minister, two fraudsters were able to extract over €55 million from multiple victims. During video calls, one would wear a silicone mask of Jean-Yves Le Drian. To add a layer of believability, they also sat in a recreation of his ministerial office with photos of the then-President François Hollande.

Over 150 prominent figures were reportedly contacted and asked for money for ransom payments or anti-terror operations. The biggest transfer made was €47 million, when the target was urged to act because of two journalists held in Syria.

Many of the requests for money failed. After all, silicon masks can't fully replicate the look and movement of skin on a person. AI video technology is offering a new way to step up this form of attack.

We saw this last year in Hong Kong, where attackers created a video deepfake of a CFO to carry out a $25 million scam. They then invited a colleague to a videoconference call. That's where the deepfake CFO persuaded the employee to make the multi-million transfer to the fraudsters' account.

Voice phishing, often known as vishing, uses live audio to build on the power of traditional phishing, where people are persuaded to give information that compromises their organization.

The attacker may impersonate someone, perhaps an authoritative figure or from another trustworthy background, and make a phone call to a target.

They add a sense of urgency to the conversation, requesting that a payment be made immediately to avoid negative outcomes such as losing access to an account or missing a deadline. Victims lost a median $1,400 to this form of attack in 2022.

That's the big challenge with AI, with attackers now using voice cloning technology, often taken from just a few seconds of a target speaking. A mother received a call from someone who'd cloned her daughter's voice, saying she'd be kidnapped and that the attackers wanted a $50,000 reward.

Over time these phishing attempts have become far less effective, for multiple reasons. They're sent in bulk with little personalization and lots of grammatical errors, and people are more aware of '419 scams' with their requests to use specific money transfer services. Other versions, such as using fake login pages for banks, can often be blocked using web browsing protection and spam filters, along with educating people to check the URL closely.

However, phishing remains the biggest form of cybercrime. The FBI's Internet Crime research 2023 found phishing/spoofing was the source of 298,878 complaints. To give that some context, the second-highest (personal data breach) registered 55,851 complaints.

The new way: Realistic conversations at scale.

AI is allowing threat actors to access word-perfect tools by harnessing LLMs, instead of relying on basic translations. They can also use AI to launch these to multiple recipients at scale, with customization allowing for the more targeted form of spear phishing.

What's more, they can use these tools in multiple languages. These open the doors to a wider number of regions, where targets may not be as aware of traditional phishing techniques and what to check. The Harvard Business Review warns that 'the entire phishing process can be automated using LLMs, which reduces the costs of phishing attacks by more than 95% while achieving equal or greater success rates.'

Reinvented threats mean reinventing defenses.

Cybersecurity has always been in an arms race between defense and attack. But AI has added a different dimension. Now, targets have no way of knowing what's real and what's fake when an attacker is trying to manipulate their:

Trust , by Impersonating a colleague and asking an employee to bypass security protocols for sensitive information.

, by Impersonating a colleague and asking an employee to bypass security protocols for sensitive information Respect for authority by pretending to be an employee's CFO and ordering them to complete an urgent financial transaction.

by pretending to be an employee's CFO and ordering them to complete an urgent financial transaction Fear by creating a sense of urgency and panic means the employee doesn't think to consider whether the person they're speaking to is genuine.

These are essential parts of human nature and instinct that have evolved over thousands of years. Naturally, this isn't something that can evolve at the same speed as malicious actors' methods or the progress of AI. Traditional forms of awareness, with online courses and questions and answers, aren't built for this AI-powered reality.

That's why part of the answer — especially while technical protections are still catching up — is to make your workforce experience simulated social engineering attacks.

Because your employees might not remember what you say about defending against a cyber attack when it occurs, but they will remember how it makes them feel. So that when a real attack happens, they're aware of how to respond.

New mobile apps from the Chinese artificial intelligence (AI) business DeepSeek have remained among the top three “free” downloads for Apple and Google......

Microsoft warns that attackers are deploying malware in ViewState code injection attacks using static ASP. NET machine keys found online.

The [website] Cybersecurity and Infrastructure Security Agency (CISA) has warned that a security flaw impacting Trimble Cityworks GIS-centric asset managem......

Microsoft has finally fixed Date & Time bug in Windows 11

Windows 11's January 28 optional update has fixed a long-standing issue in Windows 11 24H2 that prevents non-admin users from changing their time zone in Date & Time Settings.

Windows 11 24H2 has a bug that prevents regular users from accessing the Date & Time page of the Settings.

The issue was first confirmed by Microsoft in November 2024, and Microsoft has finally patched it for everyone with KB5050094.

This bug only affected non-admin users and the Date & Time view in Settings, so those with admin permissions could still use the feature.

How to fix the Date & Time bug in Windows 11 without installing the update.

If you don't want to install KB5050094, which is an optional update, there's a workaround to change the Date & Time using the Control Panel.

To change the Date & Time on Windows 11 24H2 with a non-admin account, you can open the Start menu and search for Control Panel.

You can use the search bar in the Control Panel window to look up “change the time zone” and select the top result.

You can also use Windows Run, type [website] and press Enter to open the Date and Time window.

Microsoft is rolling out the fix for the Date & Time settings bug with the optional update, but everyone will get it on February 11 when the company ships the February 2025 Patch Tuesday updates.

The foundations for social engineering attacks – manipulating humans – might not have changed much over the years. It's the vectors – how these techni......

Threat actors have been observed exploiting in the recent past disclosed security flaws in SimpleHelp's Remote Monitoring and Management (RMM) software as a pre......

Microsoft is warning of an insecure practice wherein software developers are incorporating publicly disclosed [website] machine keys from publicly acces......