Two new reports offer information about the present threat level and the changing tactics, techniques, and processes of the increasing number of ransomware groups as well as other threat actors attacking healthcare and other critical framework organizations in the U.S.A.
Based on the monitoring by the Information Technology – Information Sharing and Analysis Center (IT-ISAC), 57% of ransomware attacks in 2024 were performed on organizations in the United States, while 4.6% were in the U.K. The data included in the IT-ISAC report entitled Exploring the Depths: Analysis of the 2024 Ransomware Landscape and Insights for 2025 is from threat intelligence collected from around 3,500 ransomware attacks in 2024. The number of ransomware attacks increased by 500 from the 3,000 attacks discovered in 2023. The increase is a result of a better capability to monitor ransomware attacks and threat actors executing attacks in greater volume, partly because of the greater unwillingness of victims to give ransom payments. Chainalysis reported earlier this month a 35% decrease in ransom payments in comparison to 2023, in spite of more attacks.
The healthcare and public health sector ranks third in the most targeted industry with 332 verified attacks, which account for 9% of attacks in 2024. The second most targeted industry is the commercial facilities industry with 614 attacks or 17% of attacks. The top one is the critical manufacturing industry with 733 attacks or 20%of attacks. LockBit was a high-profile ransomware-as-a-service group before, but an international law enforcement campaign led to the capture of its infrastructure at the beginning of 2024. LockBit recreated its infrastructure and is still active yet it’s performing attacks at a diminished rate. RansomHub is currently the most rampant ransomware strain and was associated with 319 attacks in 2024. Next is LockBit 3.0 with 276 attacks, then Akira with 268 attacks, Play with 213 attacks, and Hunters International with 148 attacks.
IT-ISAC warned about the danger of using AI in ransomware, for example, the discovered FunkSec ransomware group. Appearing in December 2024, the group created its ransomware using AI tools, which made it avert security programs. The malware can self-modify its behavioral patterns and alter techniques in real time by examining the target’s safety posture, letting it get around usual gatekeeping like antivirus applications and firewalls. Despite only appearing in late 2024, 54 organizations were attacked. Most likely, there will be more attacks in 2025.
The report showed the varied strategies employed by ransomware groups for initial access to networks, such as RDP compromise, taking advantage of identified and zero-day vulnerabilities, remote access trojans, and social engineering, as well as the problems organizations face when protecting against several attack vectors and an alluring attack surface. Cybercriminals continue to change their attack strategies, so entities must consider a proactive, multi-layered security strategy to maintain systems security. HIPAA training of IT professionals must be included in this strategy as well. The ransomware groups are using sophisticated techniques and are taking advantage of unidentified vulnerabilities to increase their impact. The IT-ISAC is still committed to giving useful threat intelligence to enable members to be aware of arising threats and enhance their cybersecurity resilience.
