Delinea recently published its annual State of Ransomware report. The analysis revealed an upward trend in ransomware, signalling a shift in cybercriminal strategies. Traditional techniques of incapacitating a business and demanding a ransom have given way to stealthier methods, such as exfiltrating confidential data to sell to the top payer on the darknet or utilising it to demand substantial cyber insurance settlements.

The research, entitled ‘State of Ransomware 2024: Anticipating the Battle and Strengthening Your Defenses,’ analysed Censuswide survey data from more than 300 American IT and Security decision makers. The research sought to uncover significant shifts compared to previous year data and determine emerging trends. Primary among them is a resurgence of ransomware; even though the numbers have not yet reached the 2021 peak, the proportion of organisations citing themselves as recent victims more than doubled from 25% to 53%. Mid-sized businesses have emerged as the prime targets of cybercriminals, with 65% of these organisations noting incidents of ransomware in the last 12 months. There are also more victims paying ransoms than before, with the figure increasing from 68% to 76% since the last year.

Interestingly, the survey shed light on new motives, strategies, and tactics. There was a 39% surge in data exfiltration, shifting from 46% to 64% and becoming the motive of choice for attackers. This move towards stealing sensitive data to sell on the darknet is demonstrated in the significant decline in traditional money extortion, which dropped from 69% to 34% this year.

Rick Hanson, President at Delinea, stated, “Ransomware certainly appears to have reached a critical sea change – it’s no longer just about the quick and easy payout. Even as organisations are investing more in safety nets like cyber insurance which often have ransomware payouts included in coverage policies, cybercriminals are finding that using stealth tactics to stay under the radar and access sensitive, valuable information to sell is the better investment of their effort.”

Another notable development is the shift in cyber criminals’ tactics. The preferred method moved from email (down…