In February 2024, several international law enforcement agencies scored a major success in the fight against cybercrime by seizing control of infrastructure used by LockBit, one of the world’s most active ransomware groups, while developing decryption keys that could enable the recovery of many LockBit-encrypted systems. However, LockBit has reportedly continued attacking companies using new servers and dark web domains, which demonstrates the persistence of cybercriminals. While law enforcement continues to pursue cybercriminals and companies continue to improve their cybersecurity measures, ransomware remains rampant and attacks are increasing in sophistication and number, not least due to:

• the rise of widely available generative AI; and
• the increasing commoditization of ransomware, particularly through ransomware as a service

In 2024, ransomware demands and payments have continued to climb, reflecting the ongoing evolution and aggressiveness of cybercriminals’ tactics. The first half of 2024 saw ransomware attacks increase in both frequency and scale, with the average ransom demand reaching over $1.5m in the second quarter of 2024 – a 102 percent increase quarter over quarter. This increase is largely driven by the continued success of multiple-extortion schemes, where attackers not only encrypt data but also exfiltrate it, threatening to release sensitive information if ransoms are not paid.

Attackers may also threaten to deploy distributed-denial-of-service attacks or threaten employees and customers of victims to apply additional pressure on companies. A group of cybercriminals has even been known to lodge a complaint with a regulatory authority to denounce the failure of the company that suffered the data breach to disclose it as required by law, thereby using the law as a means of exerting pressure. The emergence of new groups and ransomware variants of cyberattacks, including rebranded ransomware groups, has also contributed to the record-breaking number of incidents and payments. Despite ongoing law enforcement efforts, the overall threat continues to grow, with 2024 potentially becoming the worst year on record for ransomware payments.

Beyond ransomware attacks, supply chain attacks continue to be a significant issue. Companies rely on third-party vendors, which provide systems and services critical to those companies.

Cyberattacks, vulnerabilities or even faulty updates at vendors have resulted in significant losses for numerous customers of those vendors and highlighted the growing importance of integrating cybersecurity into a company’s overall risk management. These incidents underscore the cascading effects that supply chain attacks can have, leading to regulatory penalties, breach of contract claims and potential litigation.

Additionally, supply chain attacks can be more challenging to investigate as an affected customer may have limited visibility into an attack on a third party vendor and limited control over the vendor’s investigation. In fact, supply chain risk has become such a significant issue that the US’ National Institute of Standards and Technology (NIST) released its first major update of its Cybersecurity Framework, since 2014, to incorporate practices to manage cybersecurity risks within and across organizations’ supply chains. Organizations must bolster their cybersecurity measures, ensure their supply chain contracts include robust security provisions and stay compliant with evolving regulations. Legal teams should prepare for complex liability issues and the intricacies of data breach notifications that arise from such multifaceted attacks.