CyberSecurity Alert: $5.2 Million Ransomware Demand Hits New High in 2024

In the first half of 2024, ransomware attacks continued to wreak havoc globally, with a startling average extortion demand exceeding $5.2 million (£4.1 million) per incident, as revealed by a comprehensive study from Comparitech.

This unsettling statistic stems from an analysis of 56 documented ransom demands issued by cyber threat actors between January and June 2024. Among these, the most staggering was a demand of $100 million (£78.9 million) following an attack on India’s Regional Cancer Center (RCC) in April 2024, underscoring the high stakes and devastating impact of such cyber assaults.

In another notable incident, UK-based pathology provider Synnovis faced a ransom demand of $50 million (£39.4 million), leading to widespread disruptions across hospitals in South East England, where critical operations and appointments were abruptly cancelled. The attack, attributed to the Qilin group, purportedly compromised 400GB of sensitive NHS patient medical records, amplifying concerns over data security and patient confidentiality.

Adding to the list of significant ransom demands, Canadian retailer London Drugs encountered a ransom demand of $25 million (£19.7 million) from the LockBit group in May 2024, underscoring the relentless and financially motivated nature of contemporary cyber threats.

Over 35 Million Records Stolen in Ransomware Attacks

In the first half of 2024, researchers documented 421 confirmed ransomware attacks, which impacted approximately 35.3 million records. These numbers reflect a decrease compared to the same period in 2023, during which 704 attacks affected 155.7 million records. However, it’s important to note that disclosures of breaches for H1 2024 are ongoing, suggesting these figures may rise.

Additionally, Comparitech reported an additional 1920 attacks claimed by ransomware groups but not formally acknowledged by the purported victims.

Among the confirmed attacks, private businesses bore the brunt with 240 incidents affecting 29.7 million records since January 2024. Government entities followed with 74 attacks impacting 52,390 records, while the healthcare sector faced 63 attacks affecting 5.4 million records. These statistics underscore the widespread and varied impact of ransomware across different sectors, highlighting ongoing challenges in cybersecurity and data protection efforts.

The top five ransomware incidents in H1 2024 by number of individual records affected were:

• LoanDepot– 16.9 million records
• Izumi Co – 7.7 million records
• Prudential Insurance – 2.5 million records
• India’s Regional Cancer Center (RCC) – 2 million records
• Ann & Robert H. Lurie Children’s Hospital of Chicago – 791,784 records

LockBit Remains Most Prolific Ransomware Group

Notorious ransomware-as-a-service (RaaS) operator LockBit was responsible for the highest number of confirmed attacks in H1 2024, at 48.

This is despite a significant law enforcement operation that took down the group’s infrastructure in February.

Following a period of apparent dormancy, LockBit operators appear to have resurfaced, with an analysis by NCC Group finding it was by far the most prominent ransomware group in May 2024.

The next most prominent group in the first half of 2024 according to Comparitech was Medusa (31 attacks), followed by BlackBasta (27), Akira (20), 8Base (17) and INC Ransom (16).

The researchers also observed an increase in groups who no longer encrypt files as part of their attack and instead rely solely on data theft for extortion.