An explanation of how the threat of ransomware attacks on organisations has developed throughout 2024, drawing on data from the Sophos State of Ransomware survey and explaining how Intercept X can offer advanced defences against this prevalent threat.
What is Ransomware?
Ransomware is a type of malicious software that, if installed, can stop you from gaining access to your systems and will then demand that you pay the perpetrator to regain access – in other words, it will hold your systems to ransom. Ransomware can come in many shapes and sizes; below are a few of the most common types that we outlined in 2023. Want to find out how to protect your company? Skip down to Protective Actions.
Types of Ransomware Attack
Crypto Ransomware, also known as "encryptors", is one of the most common and dangerous types. This kind encrypts files and data, rendering the material useless without the decryption key. Unlike the other types below, crypto ransomware may infiltrate your systems in several different ways.
Phishing is one of the methods by which ransomware may make its way into your system. It occurs when a malicious email, which may appear at first to be authentic, is opened and the links within are clicked on. Unfortunately, opening these anything-but-friendly emails and clicking their links will allow the ransomware to be downloaded onto your device. Once in, the ransomware can exploit the security flaws in your device and take control of your systems.
Scareware often appears as a security software pop-up, warning you that malware has been identified and that the only way to remove it is to pay. However, despite the name, there is often nothing to be afraid of: attackers are merely bluffing to coerce you into paying, while your files remain secure.
Doxware or Leakware refers to when an attacker threatens to release sensitive data online. Although the threat may not always be legitimate, most individuals panic and pay the requested ransom.
Lockers display a pop-up that requests a ransom and totally locks the user out of their computer. Most pop-ups make the user feel like they are in the wrong and will often display timers to pressure them into paying quickly, without the opportunity to report or resolve the attack instead.
Impact of Ransomware Attacks
Ransomware can have an enormous impact on your company's operations and data security, and some organisations take up to one month to recover from an attack. Here are some key takeaways about the impact of ransomware from the Sophos State of Ransomware update in 2024.
59%
94%
32%
$2.0m
What's New In 2024?
Focus on Critical Infrastructure
Ransomware continues to be the most impactful cybersecurity threat, with its high financial rewards and established business model making it an attractive extortion method. Criminals target a wide range of organisations, many of which don’t make the headlines, but those that do have historically been the ones with the highest reward potential.
For example, threat actors have attacked hospitals, schools, and government entities across the world, with local councils and the National Health Service (NHS) being some of the most public cases in the UK. Infrastructure companies such as these typically have outdated and unsupported legacy systems, and therefore are an easy target for threat actors looking to exploit vulnerabilities and enter their network.
Ransomware-As-A-Service (RaaS)
Ransomware-as-a-Service (RaaS) is an increasingly popular platform that criminals and threat actors can use to access ransomware with no upfront costs. Many platforms operate with a subscription model, which mirrors the successful models used by legitimate platforms, to offer access to ransomware variants, distribution channels, and support in exchange for a share of the profits.
Hackers can leverage RaaS platforms to perform the most efficient and effective assaults on any chosen company, and this increased accessibility to powerful malware products makes ransomware extortion the most profitable cyberattack on the market today. As these platforms continue to develop into 2025, there will be a significant increase in the threat of cybercrime to organisations.
Artificial Intelligence (AI)
Artificial Intelligence (AI) is expected to have an enormous impact on the threat of ransomware. Criminals are already using AI to streamline cyberattacks, and it will almost certainly increase the volume and impact of attacks in the near future. It enables relatively unskilled threat actors to carry out sophisticated attacks, with improved targeting and more effective information-gathering than ever before.
There are reports that AI is helping criminals to develop malware that can avoid detection by security software, craft phishing emails that are extremely targeted and persuasive, and encrypt files at a startling rate. As this continues, it could have an unprecedented impact on businesses across the world, which is why it’s so important to take a proactive approach to your cybersecurity.
Industries at High Risk for Attack
Local Government & Public Services
Across the UK there has been an increasing number of attacks on local government organisations and public service companies. Recently, for example, we saw Synnovis, an NHS pathology services provider, experience an attack that caused the cancellation of over 10,000 appointments and a significant data leak that immediately made the headlines. The extent of the attack meant that they had to rebuild their IT systems to continue to operate, which caused significant disruption to their operations.
In 2023, we saw Gloucester City Council fall victim to a ransomware attack for the second time in 10 years, where many of the council’s systems were encrypted and taken offline. It cost the council £1.1 million to remediate the damage caused by this attack. Hackers, in these instances, appear to be targeting large public organisations to perform extortion under the threat of an enormous data leak. Any company with a significant amount of public data should be concerned about the increasing threat of a ransomware attack.
Logistics & Transportation
Transportation has been brought back into the spotlight recently with the incident that occurred with Network Rail’s WiFi network this September. Attackers were able to use a vulnerability in their network and transmit extremist messages onto the devices of unaware service users, which caused considerable concern amongst the public and made headlines. In 2023, KNP Logistics Group was attacked by threat actors who caused irreparable damage to their systems in an incident that plunged the company into insolvency, making 730 people redundant.
In these examples, the motivations of the threat actors appear to be mixed. In the Network Rail incident, it appears to be a case of ‘Hacktivism’, where the threat actors were politically motivated and were sending a message to service users. However, in the case of KNP Logistics, we can estimate that ransomware was used purely to extort the company. Similar transport organisations should be concerned about the latter example, as it highlights that cybercriminals target private organisations more frequently than we’re aware of, as many instances don’t make the headlines.
Manufacturing & Production
In recent years, the manufacturing industry has become a prevalent target for security attacks due to legacy systems and unpatched applications. One of the more notable examples is Wiltshire Farm Foods, who provide frozen ready meals to care homes, nurseries, hospitals, and schools in the South West. In 2022, they were attacked by threat actors who were able to significantly disrupt their operations and leave service users without meals.
Attackers caused enough damage that the company had to rebuild and replace most of their hardware and software, likely costing hundreds of thousands of pounds. In response to the increased threat of ransomware, we have seen companies like Castell Howell and AG Barr onboard with Sophos Intercept X to manage their cybersecurity.
Actions to Protect Your Business
Addressing an attack situation requires a straightforward three-step approach: implement a more scalable incident response process to accelerate response time; leverage adaptive defences to slow down adversaries; and create a virtuous cycle that improves protection and lowers cost.
Stopping advanced, persistent adversaries will require you to optimise your organisation’s defences, using context-sensitive technologies to elevate the level of protection in proportion to the situation. Crucially, these defences will buy you time to apply human expertise to address the root cause.
Optimise Prevention
Reduce Exposure
Disrupt Attackers
How Intercept X Protects Your Business
Sophos Intercept X is the industry-leading Endpoint Security solution that reduces the attack surface and prevents attacks from running. Combining anti-exploit, anti-ransomware, deep learning AI and control technology, it stops attacks before they impact your systems. Intercept X uses a comprehensive, defence-in-depth approach to endpoint protection, rather than relying on one primary security technique.
Key Features of Intercept X
- Informed by Deep Learning, a process that dissects unknown malware to detect new behaviours and stop unknown threats. SophosLabs work through 400,000 new instances of malware each day and use their findings to develop Intercept X, meaning that you're always protected from the latest threats.
- CryptoGuard will analyse information in real-time and shut down any encryption processes automatically, reverting all files back to normal once the threat has been contained. It means that you'll never have to worry about paying ransom, as all of your files are protected.
- Anti-Exploit recognises and blocks common malware delivery techniques, protecting endpoints from phishing attempts, malware downloads, and zero-day code vulnerabilities, providing you with comprehensive prevention against 99.98% of ransomware attack methods.
- Simple Management with Sophos Central allows you to see the complete picture of alerts across all devices in your network, helping you to prioritise your time effectively and understand your cybersecurity posture.
"Intercept X stops attacks before they enter your systems, using a comprehensive defence-in-depth approach"
Ostratto: Your Security Partner
With a team of technical professionals to assist your business on a truly personal basis, and diverse knowledge across some of the most advanced technology, Ostratto have the skills and expertise to deliver comprehensive, cost-effective solutions and fully-managed services. We’re here to help you to find the most suitable products for your business needs, and provide you with ongoing support across your time with us.
Wherever your organisation is right now, and where it wants to be in the future, we can help you to accelerate your defences and move ahead of today’s advanced adversaries. For more information, view our security products or speak with a security advisor today.
Book Your Free Discovery Call
If you think that your business could benefit from Intercept X, or if you'd like to find out more information about how we can improve your cyber defences, please book a free discovery call with one of our experts below. We'll be happy to help, in whatever way we can.