The year 2024 ends with a worrying picture for cybersecurity worldwide. Despite a slight decrease in attacks compared to 2023, detailed analysis reveals that the methods used by cybercriminals are becoming more sophisticated, and that the financial impact on the organisations affected is increasing. Tyrex takes a look at the key figures and trends to watch out for in 2025.
The threat landscape in 2024
An apparent slight decrease that masks a complex reality
The latest data compiled by Comparitech for the year 2024 shows 5,461 claimed ransomware attacks worldwide, of which 1,204 could be formally confirmed. These incidents led to the compromise of more than 195.4 million pieces of sensitive data. While these figures appear to mark a decline compared with the 1,474 attacks and 261.5 million records compromised in 2023, this apparent improvement should be interpreted with caution.
As Comparitech analysts point out, many attacks are not reported until months or even years after they have occurred. The figures for 2024 are therefore likely to be revised upwards in the coming months, as new compromises are documented.
Ransomware: ever-higher ransoms
The year 2024 confirms the upward trend in the amounts demanded by cybercriminals. The average ransom demand exceeded 3.5 million dollars, while the average amount actually paid was 9.5 million dollars. In total, victim organisations paid out more than 133.5 million dollars in an attempt to recover their data or prevent it from being disclosed.
This disproportion between the amounts requested and those actually paid reflects a complex negotiation dynamic between attackers and victims. It is also a deliberate strategy on the part of cybercriminals to demand deliberately excessive sums.
Which actors lead the threat?
Among the most active groups in 2024, RansomHub emerged as the most widespread ransomware, with 89 confirmed attacks. It was closely followed by
- LockBit (83 attacks),
- Medusa (62)
- Play (57).
Which sectors are most affected?
Companies, prime targets for attackers
Unsurprisingly, the private sector accounted for the majority of attacks, with 728 confirmed incidents affecting companies of all sizes and in all sectors. The impact of the malware was particularly severe, with 166.5 million pieces of data compromised. The average ransom demanded was $3.7 million, but the amount actually paid was a staggering $14.4 million on average.
Public sector and healthcare: targets with a high societal impact
Government agencies suffered 179 confirmed attacks in 2024, compromising 1.5 million items of data. The average ransom demanded was $2.3 million, with an average actual payment of $923,000.
The healthcare sector, which is particularly sensitive due to the critical nature of its activities, recorded 181 attacks affecting 25.6 million items of data. Cyber criminals demanded an average of 5.7 million dollars. Health establishments and hospitals generally paid an average of around 900,000 dollars, a significant sum that is putting a strain on health centres’ finances.
Relative improvement in the education sector
While almost all sectors of activity saw a stable or upward trend in cyber attacks between 2023 and 2024, education was the exception, with a notable decline. Attacks on educational establishments fell from 188 in 2023 to 116 in 2024. This relative improvement can be explained by the strengthening of cybersecurity measures in this historically vulnerable sector, but remains to be confirmed over the long term.
Nevertheless, the educational establishments affected saw 1.8 million items of data compromised, with ransom demands averaging $847,000.
What is to be expected in 2025?
Likely increase in large-scale attacks
The experts at Comparitech remain cautious about their forecasts for 2025, pointing out that it is difficult to accurately anticipate developments in a landscape as dynamic as that of ransomware. Nevertheless, several trends are emerging.
Large-scale attacks targeting critical infrastructures or organisations with international ramifications are likely to continue and even intensify.
These operations, which are likely to cause considerable disruption and affect massive volumes of data, represent a major risk for 2025.
The shadow cast by the Cleo performance
A specific threat is already looming over the beginning of 2025: the consequences of the Cleo exploit developed by the Clop group. The group threatened to disclose the data of around 66 companies towards the end of 2024, foreshadowing a wave of incidents in the early months of 2025.
Good to know: In today’s cybersecurity landscape, USB devices represent one of the most accessible and effective attack vectors for cybercriminals. These seemingly innocuous devices can contain sophisticated malware capable of compromising an entire corporate network in a matter of moments. In the face of this threat, it is possible to install a white station system, such as those offered by Tyrex.
