Hackers’ tactics for extorting money by accessing victim’s personal accounts and demanding payment

Fewer attacks, but more money collected. This is the assessment (summary) of the report on ransomware from the cybersecurity company Sophos, published on April 30, 2024. We could be satisfied with the first point, however France reported the – proportionally – highest rate of ransomware attacks of all the countries surveyed. 74% of French respondents say they have been affected in the last year (data theft or ransomware with encryption). France is followed by South Africa (69%) and Italy (68%). As for the lowest reported attack rates, they match those of respondents in Brazil (44%), Japan (51%) and Australia (54%).

To gather this data, Sophos relies on an independent survey conducted among 5,000 IT managers interviewed between January and February 2024. They come from 14 countries located in North and South America, Europe, Africa and Asia-Pacific, and work across many sectors.

The report notes that 59% of organizations surveyed were hit by ransomware last year. That's a slight drop from the 66% reported over the previous two years, but that number is still too high to allow for breathing room.

Hackers increasingly ingenious in their methods

“ One of the most notable findings from this year's study is that 63% of ransom demands are for $1 million or more, with 30% of demands for $5 million or more.. » The median payment is around $2,000,000, a 5x increase from the reported $400,000 in 2023.

How to explain it? Most of the organizations paying the highest amounts are health or educational establishments, as well as public services. In many countries, the administration has a policy of never paying cybercriminals. These could therefore be universities and private clinics, including in the United States, which give in to blackmail and pay huge ransoms, given the large number of users stored there.

Finance companies are among those paying the highest sums in the private sector. “ Hackers have become more professional and have learned over time to work with their victims. Once they infiltrate the system, they will examine the accounts and demand the ransom based on the companies' results », Explains John Shier, cybersecurity specialist at Sophos. The cyber expert has already encountered messages such as “ We have seen the state of your finances, so we know that you can pay us such amounts » sent by hackers.

The other point to note is the escalation of pressure tactics. Some hacker groups will not hesitate to contact customers, write to the press or publish compromising photos of patients in the case of attacked hospitals. A French establishment, the Simone-Veil hospital in Cannes, was also targeted by the Lockbit gang and the group threatens to reveal the data shortly.