Infostealers Cause Surge in Ransomware Attacks, Just One in Three Recover Data


As many as 90% of organizations have been hit by ransomware, and three quarters were hit more than once over the past 12 months, according to a US and UK study.

The rise in ransomware attacks is being driven by infostealer malware and “digital identity exposure,” researchers at SpyCloud found. Ransomware impacted 75% of organizations this year, up from 61% in 2023.

The SpyCloud team identified multi-factor authentication bypass via session hijacking, and infostealer malware, as driving ransomware growth. One in five individuals had been hit with an infostealer infection.

Attackers are becoming better at bypassing measures such as multi-factor authentication and antivirus software – 54% of devices infected with infostealer malware were running antivirus or endpoint detection and response applications.

Phishing and social engineering remained the most common way for ransomware to enter victims’ networks, accounting for 25% of attacks.

Third-party access was the route in 17% of cases, and stolen cookies or session hijacking in 15%. Risks from third-party devices were a concern for 82% of those surveyed.

According to the 2024 SpyCloud Malware and Ransomware Report, there was also a significant year-on-year increase in the number of organizations paying a ransom. In 2023, 48% paid out – this year 62% paid a ransom.

Worryingly, of those organizations that did pay a ransom, only a third fully recovered their data. Another 16% partially recovered data. A further 36% did not pay a ransom but successfully recovered their data, nonetheless.

As many as 44% of businesses faced over $1m of costs following a ransomware attack, an increase on the 39% facing such costs in 2023. In addition, almost two thirds of ransom demands were for $1m or more.


Across industries, the insurance sector was the most likely to be targeted by ransomware, followed by healthcare. But technology companies faced the most attacks, with 83% being targeted at least six times.

“With ransomware operators increasingly exploiting infostealer-exfiltrated data like session cookies, it’s become clear that traditional defenses are no longer enough,” said Damon Fleury, chief product officer at SpyCloud.
