Pentesting
Vulnerability Manager
Automated ScansThey weren’t ready: How ransomware took down major companies in 2024
Ransomware continues to be a significant threat to businesses, with attackers constantly refining their methods to inflict maximum damage. This malware encrypts files, making them inaccessible unless a ransom is paid, leaving organizations vulnerable to financial loss, reputational damage, and operational downtime.
The stakes have never been higher, and staying informed is the first step in building resilience. Let’s explore the latest ransomware tactics, the impact of real-world attacks, and actionable strategies to protect your business.
Real-world examples: Lessons from 2024 ransomware incidents
Banco Santander
In May 2024, Banco Santander suffered a ransomware attack that exposed the data of 30 million customers across Spain, Chile, and Uruguay. Employee records were also compromised, highlighting vulnerabilities within the organization’s supply chain. Santander responded by isolating systems, working with cybersecurity experts, and reinforcing third-party security evaluations.
Key takeaway: Strengthening supply chain security and implementing multifactor authentication (MFA) can mitigate the risk of similar breaches.
Ticketmaster
A separate ransomware incident in May 2024 targeted Ticketmaster, compromising personal and financial information of 560 million users. Attackers exploited unpatched software vulnerabilities, demonstrating how neglecting updates can lead to catastrophic outcomes. Ticketmaster’s response included notifying affected users, patching vulnerabilities, and improving internal security protocols.
Key takeaway: Consistent patch management and proactive network monitoring are critical to preventing ransomware attacks.
AT&T
In April 2024, AT&T was hit by ransomware, impacting over 110 million customer records. Attackers demanded a substantial ransom, threatening to release sensitive data if payment wasn’t made. The company worked with cybersecurity specialists to contain the attack and implemented stricter access controls.
Key takeaway: Network segmentation and access management are essential to limit the impact of ransomware infections.
How ransomware attacks are evolving
Attackers are adopting increasingly sophisticated and aggressive tactics. Key trends include:
Data exfiltration as leverage: Beyond encryption, cybercriminals now steal sensitive information to pressure victims with threats of public disclosure. This tactic amplifies the potential impact of an attack, making recovery even more complex.
**Targeting supply chains: **By focusing on vendors and partners, attackers can infiltrate multiple organizations through a single vulnerability. Supply chain attacks have become a go-to strategy for maximizing reach and impact.
AI-enhanced attacks: Artificial intelligence is being used to automate and refine ransomware campaigns, enabling attackers to identify weaknesses and bypass defenses more efficiently.
Diverse ransom demands: Cryptocurrencies less traceable than Bitcoin are becoming the preferred payment method, complicating efforts to track and disrupt ransomware groups.
These trends highlight a shift in ransomware tactics, where attackers prioritize maximizing disruption and financial gain while staying ahead of detection methods.
Strategies to protect against ransomware
Despite the increasing sophistication of ransomware attacks, organizations can take proactive steps to minimize their risk:
Maintain secure backups: Regularly back up critical data and store it offline to ensure quick recovery without paying a ransom. Prioritize software updates: Patch all systems and applications promptly to close known vulnerabilities. Invest in employee education: Train staff to recognize phishing attempts and other common entry points for ransomware. Perform regular penetration tests: Simulate attack scenarios to identify and address vulnerabilities before attackers can exploit them.
Companies must also establish a comprehensive incident response plan that includes containment, recovery, and communication strategies. By combining preventive measures with a prepared response, businesses can significantly reduce the impact of ransomware attacks.
Watch the Ransomware Trends webinar for expert insights
Understanding ransomware trends is just the first step toward safeguarding your business. In our on-demand webinar, Ivan Lendner from Strike and Mateo Bovio, CEO at Whalemate, explore the latest tactics used by attackers, share lessons from real-world incidents, and discuss actionable strategies to protect your organization.