Ransomware Shock—$133 Million Paid, 195 Million Records Compromised


New report reveals the real cost of ransomware in 2024.


Enterprises have very good reason to be concerned about new and emerging hack attacks, ranging from router configuration exploits through to phish-free phishing campaigns and even the use of sweaters, I kid you not, in novel e-commerce hacking campaigns. But that doesn’t mean the threat from old enemies, such as ransomware attacks from groups thought to be extinct, is over: far from it, as new research has confirmed.


New Report Reveals True Extent Of Ongoing Ransomware Threat To Organizations

Globally, across 2024, ransomware gangs had confirmed success against 1,204 organizations, with another 4,257 attacks claimed by the cybercriminals responsible as published on their data leak sites but without acknowledgment from the alleged victims. That’s just the tip of the ransomware threat iceberg, according to a detailed analysis published on Jan. 9. Here’s what you need to know.

The Comparitech end-of-year ransomware report makes for truly shocking reading when the raw numbers are absorbed:

Just taking into account the confirmed attacks, some 195,414,994 records were compromised, and ransoms totalling $133.5 million were paid, with the average being an astonishing $9,532,263. The 195.4 million records breached, although this number is still rising apparently, is lower than that for 2023 when 261.5 million records were known to have been exfiltrated.

When it comes to the gangs responsible, by far the most prolific was RansomHub with 89 confirmed attacks, then LockBit on 83, Medusa on 62 and Play with 57 confirmed.

According to the report, the biggest attacks were:

  1. Change Healthcare–100 million people are estimated to have been affected by the ALPHV/BlackCat attack.
  2. LoanDepot—16.9 million said to be affected, also in an ALPHV/BlackCat attack.
  3. MediSecure—with 12.9 million affected, although the ransomware group remains unattributed.
  4. Izumi Co., Ltd—7.8 million affected by another unattributed group.
  5. Evolve Bank & Trust—7.6 million people affected by this LockBit attack.

Comparitech categorized ransomware attacks into four sectors: business, education, government, and healthcare. “The only sector that looks set to see a decrease in attacks from 2023 to 2024 is education,” Rebecca Moody, Comparitech’s head of data research and author of the report, said, “in 2023, we logged 188 attacks on educational institutions, such as schools and universities. This dropped to 116 in 2024. All of the other sectors will be on a steady year-on-year trend once all breaches have been reported.”


The Ransomware Landscape In 2025

Although Moody conceded that predicting the ransomware landscape is notoriously tricky, that doesn’t prevent some intelligence-inspired deductions about the threat landscape from being drawn.

“At the start of last year, it seemed as though ransomware figures were declining,” Moody said, “but figures started to skyrocket again toward the end of the year.” Based on these figures, Moody said that it’s “highly likely we’ll continue to see large-scale attacks” across 2025. These attacks will, Moody warned, “either cause widespread disruption to companies and/or see troves of data being stolen.”

One of the problems with predicting ransomware attacks is that outside of the U.S. and some other countries, impacted organizations are not legally required to disclose the attacks when thresholds are met. This means that attacks can remain unconfirmed even when they have been successful.
