Manufacturing was the most impacted sector in 2024: Arete

Manufacturing seems to be the new hot target for hackers. This sector is closely followed by Professional, Scientific, and Technical Services, according to cybersecurity company Arete.

The firm, collating the broad trends around cyber attacks in 2024, said manufacturing and professional, scientific and technical services together account for 40 per cent of all ransomware and extortion victims.

The Construction, Finance & Insurance, and Healthcare & Social Services industries rounded out the top five most impacted sectors for the year.

Most ransomware and extortion activity Arete observed in 2024 was opportunistic in nature, meaning threat actors were not targeting one specific industry, it said in the 2024 Annual Crimeware Report.


Percentage of Attacks by Sector



The report covers the threat landscape, the most commonly observed ransomware and extortion groups, trends in ransom demands and industries targeted, and what may be coming next.

In 2024, the percentage of companies and organizations making ransom payments to cybercriminals continued to decline. Only 29% of ransomware and extortion victims made a payment to the threat actor in 2024, down from 32% in 2023.

As organizations continue to improve their cybersecurity posture and recovery capabilities, threat actors come away empty-handed more often than not. However, the decrease in ransom payment percentage was not as sharp from 2023 to 2024 as it had been from 2022 to 2023, suggesting that while businesses and organizations are paying ransoms for recovery or data suppression less often, the percentage of cases in which a ransom is paid may eventually plateau.


The median ransomware demands by industry



Interestingly, Arete also observed that median demands and payments have remained largely stable year over year. Although median ransom demands fluctuated from quarter to quarter in 2024, the median was $500,000 over the course of the entire year, which was the same amount observed for the entirety of 2023. Likewise, the median payment amount remained consistent over the past three years.

In 2024, threat actors remained largely opportunistic in attacks. The primary shift is that year over year, organizations are increasingly adopting EDR and multi-factor authentication (MFA) to strengthen cyber resilience and prevent attacks.

“This report synthesizes Arete’s frontline data from thousands of cyber engagements in 2024,” said Chris Martenson, Arete’s Chief Data Officer.

“Using these unique insights, we will continue to protect our clients, inform our partners, and evolve our solutions to combat cyber extortion,” Martenson added.


Key Findings
  • Victim organizations continued to demonstrate an improved capability to recover from attacks without paying ransom demands.  
  • Threat actors adapted to the increase in law enforcement pressure, with new threat groups rapidly emerging, partnerships forming between groups, and an air of distrust enveloping the threat landscape. 
  • Most ransomware and extortion activity in 2024 was opportunistic in nature, with threat actors targeting certain technologies or exploiting vulnerabilities as opposed to focusing on a specific industry.
