After a record year in 2023 in terms of the number of attacks and amounts extorted from victims, ransomware has begun to decline since the beginning of 2024, as large-scale police operations have destabilized cybercriminal networks, according to many experts' estimates.
“In the first four months of 2024, the number of publicly reported incidents related to ransomware rose.” [“rançongiciels” en français] “Cyberattacks have decreased compared to the first four months of 2023,” Alan Leska, a cybersecurity expert at Recorded Future, told AFP.
This type of malware exploits the security vulnerabilities of a company, a public building, a community, or even an individual, to encrypt and block computer systems, and demands a ransom to unlock them.
These attacks are particularly lucrative for hackers, and are devastating for victims who, even when they do end up paying, can see their data stolen and resold in the “Dark web», or in the depths of the Internet.
In its Q1 2024 report on Internet security, the American IT defense company WatchGuard also noted a 23% decrease in ransomware attacks, compared to the end of 2023.
cleaning
After a lull in 2022, the number of attacks using this type of malware increased sharply last year.
The French cybersecurity startup Cybelangel reported a 40% jump in one year, while the American company Chainalogy, which specializes in studying cryptocurrency transactions, estimated the amounts paid by victims at a “record level.”
That's why this ransomware is in the crosshairs of authorities in many countries, which have implemented significant measures in recent months.
In February, the LockBit group was dismantled through an international police operation. According to Alan Liska, it has accounted for up to 30% of ransomware attacks in recent years.
At the end of May, a raid was carried out in several countries, called “Endgame,” which took offline more than a hundred servers playing a major role in spreading the malware.
“All of these operations have had a real impact on the ransomware ecosystem,” says a Recorded Future expert, destabilizing cybercriminals' businesses and creating confusion among different groups of hackers.
“There is a kind of purging of the ‘ransomware’ landscape that has allowed a certain number of new groups to emerge and structure themselves,” notes Nicola Raiga Clemenceau, a cybersecurity expert at XMCO.
If there are more than a dozen, including RansomHub or Hunters International, it is difficult to know whether their power to cause damage will be as strong as their predecessors.
“physical consequences”
However, “some of these young groups [opérant des] Alan Liska points out that ransomware, such as Scattered Spider, threatens to resort to “new and more violent tactics.”
“Data stolen by hackers may include the address of the CEO or head of IT security [d’une entreprise] […] “When negotiations fail, the consequences can not only be digital, but they can become physical,” he adds.
For Louis Delabarre, the decline in ransomware can also be explained by increased investment by companies in more efficient defense systems.
“We are now seeing the benefits of 2023, which was very sensitive and difficult in terms of ransomware,” notes the expert from the cybersecurity company Nomius. “Decisions were made about budgets and the Olympics were an accelerator.”
If the Olympic Games in Paris (July 26 – August 11) are not in themselves a sensitive target for this type of attack, the 15 million visitors expected to arrive in the capital whet the appetite of cybercriminals, who have already launched phishing campaigns in the form of e.g. ,fake online lotteries to win tickets; Or a way to trick Internet users into recovering personal data and identifiers, often as a first step before launching a larger attack.
But all the experts interviewed by AFP agree that ransomware attacks are likely to rebound quickly, perhaps even before the end of the year.
“There is a lot of money to be made [les pirates] “We won't stop anytime soon,” warns Alan Leska.