Law enforcement crackdowns saw ransomware payments fall by more than a third from an all-time high of $1.2b (£930m) in 2023 to $813m (£650m) in 2024, figures reveal.
Coordinated raids across Ukraine in 2024 also culminated in the arrest of key members of LockBit, a ransomware group that had been responsible for attacks affecting over 2,000 victims in over 70 countries, including the UK, receiving more than £90m in ransom payments.
Significant progress has been made in dismantling ransomware organisations, and the reduced number of incidents are a testament to the effectiveness of law enforcement, international collaboration, and a growing refusal by victims to bow down to attacker demands.
While the figures might indicate that we’ve narrowly dodged a ransomware extortion crisis, the biggest mistake would be to rest on our laurels, as the threat is not eliminated entirely. The ransomware ecosystem is rife with smaller players, with more emerging from the cracks. It is no surprise that JumpCloud’s 2024 IT Trends research reveals over half of IT admins surveyed still rank ransomware as a top three security concerns, and rightfully so.
Ransomware ban: addressing the symptoms or root cause?
The UK government’s recent proposal consultation signals a firmer stance on ransomware payment demands. According to the Home Office, proposed legislation will aim to reduce the flow of money to ransomware criminals from the UK, ultimately deterring criminals from attacking UK organisations; and increase the ability of operational agencies to disrupt and investigate ransomware actors by bolstering UK intelligence around the ransomware payment landscape.
This is a step in the right direction and shows a real shift towards institutional change. However, ransomware is a disease. Banning pay-outs addresses the symptoms, but we need to tackle the cause and explore how technology can protect against ransomware threats before they happen.
Never Trust, Always Verify
With ransomware attacks preying on weak security fundamentals, the best defense is a strong offense. A multi-layered Zero Trust security approach is the key for businesses. This means assuming that no user or device, whether within or beyond the organisation’s network, is inherently trustworthy.
Some core fundamentals include requiring Multi-Factor Authentication (MFA) for every account. This way, even if credentials fall prey to attackers, there is another layer of defense in place and stolen credentials alone will not be usable. Sensitive systems should not be logged on from almost anywhere and controlled limited access based on device trust and location reduces the risk of breaches. Conditional Access Policies, whenever and wherever possible, makes sure only verified devices and users can get into company resources.
Beyond getting your data held hostage during ransomware attacks, destroyed backups can further compromise effective data recovery. Therefore, isolated backups and protection ensure the backup service is resilient to follow-up attempts to destroy backup data, malicious editing, overwriting or deleting.
While backups are important, businesses must also make sure to thoroughly test their data recovery regime, as well as run simulated ransomware tabletop exercises to test businesses’ preparedness and sharpen their response capabilities against real ransomware threats.
At the core, strong cyber hygiene across an organisation is crucial. This includes patching known vulnerabilities, regularly monitoring to identify suspicious activity early, and reducing potential entry points for attackers.
The right defenses make all the difference. A “Never Trust, Always Verify” mindset backed by tighter access controls, automated monitoring, and cloud-based security policies can keep attackers out before they make their move.
The strongest firewall is your team
A chain is only as strong as its weakest link. While the technology already exists and plays a huge role in thwarting ransomware attacks, it is equally important to make sure businesses are cultivating a culture of protection.
Employee training on phishing and social engineering can help organisations further minimise vulnerabilities and strengthen their overall ransomware defenses. These regular training sessions should cover topics like avoiding suspicious downloads and reporting potential security incidents. Improved awareness ensures that all users are vigilant and can significantly reduce the risk of a successful ransomware attack.
While law enforcement is actively cracking down on ransomware groups and firmer legislation aims to reduce the number of attacks, ransomware threats are not slowing down. But businesses can take several steps to make it far more difficult for attackers. By leveraging more resources and technology solutions while also nurturing a strong culture of protection within the organisation, we have the power to slow the surge of ransomware attacks globally.
About the Author
Robert Phan is Chief Information Security Officer (CISO) at JumpCloud. JumpCloud® delivers a unified open directory platform that makes it easy to securely manage identities, devices, and access across your organization. With JumpCloud, IT teams and MSPs enable users to work securely from anywhere and manage their Windows, Apple, Linux, and Android devices from a single platform. JumpCloud is IT Simplified.
