Skip to content

Ransomware report reveals changing ransomware trends for both attackers and defenders


Ransomware is a moving target. The past year has seen a rise in ransomware activity as gangs band together and leverage AI to scale their activities.

To meet the evolving challenge, organizations are shifting priorities and adopting new anti-ransomware strategies. Our most recent ransomware research found numerous ways organizations have changed in the past year.

Read on for the latest ransomware trends.

1. Defending against data exfiltration

This year, IT and security pros surveyed believe attackers are more motivated by data exfiltration than a straightforward money grab. They say cybercriminals are stealthily extracting sensitive data without necessarily delivering encryption payloads that shut down systems.

This is a much more insidious approach that makes ransomware harder to combat. Data exfiltration tactics can stay under your team’s radar for a long time. By the time you discover what attackers are doing, your data may already be gone.

What's the most prominent motivation for ransomware attacks today?2. Increasing anti-ransomware budgets

Almost all survey respondents (91%) have a dedicated budget to protect against ransomware, a much higher percentage than 2022. However, the study found that budgets often increase only AFTER an organization is hit with ransomware.

3. Prioritizing cloud and applications

This year, respondents say they are most concerned about ransomware attacks on cloud infrastructure and applications. As organizations become more reliant on the cloud for everything from software development to delivery of core services, it’s no surprise that they are more concerned with cloud security.

What are the most vulnerable vectors for ransomware attacks? 4. More victims are agreeing to pay

Faced with the potentially crippling consequences of ransomware, the study found that more than three-quarters of companies are opting to meet ransom demands as a pragmatic response to mitigate the impact. Last year, 68% said they were willing to pay.    

5. Privileged Access Management (PAM) investments are gaining traction

The study found that IT and security leaders have escalating concerns about privileged access as a vulnerable target for ransomware.

As part of the ransomware ecosystem, access brokers sell compromised credentials that provide entry to IT environments so their affiliates can conduct criminal activities, including data encryption, data exfiltration, and malware that slows or shuts down IT systems. 

To address the rising anxiety, spending on Privileged Access Management solutions also increased this past year. Investment has nearly doubled compared to last year's survey, rising from around 15% to just under 30% of the ransomware prevention budget. 

In what area do you invest the most to prevent ransomware? Get more ransomware trends

Grab your copy of State of Ransomware 2024: Anticipating the Battle and Strengthening Your Defenses to get more insights from folks in the trenches, along with context and analysis of what ransomware trends mean for your business. The findings will help you align with your leadership on the risk of ransomware and improve your ability to withstand an attack.

Ransomware Defense Toolkit

6-in-1 Toolkit for Ransomware Defense

Get everything you need to know to prepare, prevent, and contain ransomware in one place.