Ransomware attacks have seen dramatic changes over the past few years. Once considered a mere nuisance, they now pose a potentially devastating threat to organizations of all sizes.

Back in 2019, ransomware attacks were just ramping up, focusing on infecting single machines. However, by 2020 and 2021, ransomware became more aggressive, with attacks targeting entire organizations and leading to more widespread damage, according to Kimberly Goody (pictured), head of cyber crime analysis at Google LLC. By 2023, an alarming new trend emerged: although fewer organizations paid ransoms, the median ransom payment skyrocketed from $200,000 to $1.5 million, a shocking seven-fold increase.

“I think one of the things that contributes to [the rise in ransom payments] is not just the data leak threat, but also the size of the organizations being targeted,” Goody said. “We had a report just a couple of months ago of this $75 million ransom payment, which to me, that’s enormous. That’s a lot of money.”

Goody spoke with theCUBE Research’s John Furrier and Savannah Peterson at mWISE 2024 during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed the latest ransomware stats and trends, including increasingly aggressive extortion attempts, and how organizations can more effectively prepare for and respond to the threat. (* Disclosure below.)

Personal threats to executives are on the rise

Ransomware attacks have evolved from data breaches and financial theft to more personal threats, targeting executives and their families. These attacks can involve attempts to intimidate executives by publicizing personal information or threatening their loved ones. This willingness to apply psychological pressure represents an escalation in how threat actors operate.

Google’s Kimberly Goody talks with theCUBE about the latest ransomware trends, including increasingly aggressive extortion attempts.

“We definitely have a few threat actors that we track that … we expect to go above and beyond on the personal attacks or the personal threats,” Goody said. “And that might look like contacting the executive’s family members … and be like, ‘Hey, you need to tell your spouse, tell your dad that they need to pay this ransom.’ We’ve also seen cases where a threat actor will make it known to a victim that they know where an executive lives.”

While these threats haven’t yet resulted in physical violence, it’s a worrying trend, according to Goody. These techniques reflect a next-level, aggressive threat of harassment.

“It’s something that people should be aware of,” she noted. Goody added that organizations must consider both digital and physical security in their response plans.

How law enforcement and AI are combatting ransomware attacks

Organizations and law enforcement have stepped up their game in fighting ransomware. A multifaceted approach combining strategic interventions, technological defenses and law enforcement efforts is proving to be helpful, according to Goody. These efforts have led to 14 disruptions by law enforcement in ransomware operations this year.

“LockBit is a great example of activity that occurred this year where they didn’t just target the infrastructure or the payments, they also did some initiatives to sow distrust between the threat actors that were running that service and the affiliates,” she said. “I think taking that big, multifaceted approach to disruption is really important, and we’re seeing some wins there.”

Another promising area is using artificial intelligence to enhance cybersecurity defenses. AI is helping organizations scale their threat detection efforts, allowing them to identify and address vulnerabilities more efficiently, according to Goody.

“I think looking at AI and how that might be able to help us scale our operations and what we’re able to cover,” she said. “To be honest, we’re expected to cover everything … and it’s impossible to cover everything. Anything that can help us in the way of scale is awesome, and I love to see the innovations that we’re having internally in that direction.”

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE Research’s coverage of mWISE 2024:

(* Disclosure: Google Cloud Security sponsored this segment of theCUBE. Neither Google Cloud Security nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE