Halcyon Ransomware Malicious Quartile Q2-2024

Ransomware attacks continue to plague nearly every major business sector as well as state and local Governments. The relentless pace of attacks brings into question whether organizations fully understand the threat and what steps need to be taken to reduce the risk of costly disruptions.

Halcyon recently conducted a survey published a new study detailing the significant impact on businesses from ransomware and data extortion attacks over the past 24 months. According to the Ransomware and Data Extortion Business Risk Report, there is a strong disconnect between perception and reality when it comes to prevention and resilience against ransomware and data extortion attacks.

Data exfiltration occurs in nearly every major ransomware attack today, and nearly two-thirds of respondents said that sensitive or regulated data was exfiltrated from their organization. More than half reporting the attackers issued an additional ransom demand to protect the exfiltrated data. Additionally, 58% of victims reported that the loss of sensitive data put their organizations at additional risk of regulatory action and lawsuits.

The disconnect between perception and reality regarding the actual ransomware threat and perceived risk was underscored by the fact that the Cybersecurity and Infrastructure Security Agency (CISA) alerted nearly 2,000 organizations about known vulnerabilities being exploited by ransomware operators, yet the agency said that only about half took any action on the vulnerabilities despite the warnings.

Ransomware operators try to elicit as much pain, frustration, and publicity as possible because it translates into revenue. But we cannot discount the dual nature of many of today’s ransomware attacks, where the attackers may be serving themselves from a financial perspective but are also furthering a larger geopolitical strategy of an adversarial nation.

This is especially concerning as we move into an already contentious election season. As we approach the fall, we need to prepare for the potential that even a handful of isolated disruptions could cause unwarranted fear, uncertainty, and doubt amongst the public.

There need to be real consequences – not just for those who are orchestrating the attacks and benefitting financially, but also for the nation-states who are benefiting geopolitically. Until there are real consequences on the table, we will see these attackers continue to brazenly act with impunity.

The Halcyon team of ransomware experts has put together this extortion group power rankings guide as a quick reference for the extortion threat landscape based on data from throughout Q2- 2024, which can be reviewed along with earlier reports, on the Halcyon Resource Center.