Cybersecurity 2025

USA Trends and Developments Contributed by: Beth George, Timothy Howard, Brock Dahl and Megan Kayo, Freshfields

controls, and the importance of ensuring companies meet certain cybersecurity standards.

Ransomware

Ransomware continues to be a leading cybersecurity threat for corporations, with several companies reporting multiple attacks within the course of a year. Threat actors in this space have commodified software supporting the attacks – a trend dubbed “ransomware as a service” (RaaS) – thereby making the attacks more accessible and executable by less sophisticated actors.

RaaS is a business model in which cybercriminals provide ransomware tools and services to other attackers, often for a fee or a share of the ransom payments. Essentially, RaaS operators develop and maintain the ransomware software, while affiliates or customers use it to carry out attacks. The RaaS operators typically provide user-friendly interfaces, technical support, and even updates to ensure the ransomware remains effective. This approach has led to an increase in the frequency and scale of ransomware attacks, as it lowers the barrier to entry for cybercriminals and allows them to focus on targeting victims and extorting payments.

Additionally, the RaaS model can make threat actors more unpredictable. Famously, the BlackCat ransomware gang had a very public falling out with one of its affiliates in connection with the Change Healthcare attack that – according to the company’s public statements – may have affected the personal information of approximately 190 million individuals. Reportedly, the company made a USD22 million ransom payment to the BlackCat ransomware gang to try to get services back online and for the ransomware gang to delete the company’s stolen data. However, the affiliate who claimed to have given BlackCat access to the company’s network also claimed that BlackCat cheated the affiliate of its share of the ransom. Accordingly, the affiliate did not delete the information that Change Healthcare had reportedly paid BlackCat to return and destroy.

In 2024, ransomware demands and payments also continued to climb, reflecting the evolution and aggressiveness of cybercriminals’ tactics. In 2024, ransomware attacks increased in both frequency and scale, with the average ransom demand reaching more than USD3 million and the average ransom paid estimated at more than USD9.5 million. The increase in ransomware payments has been largely driven by the continued success of extortion schemes whereby attackers often exfiltrate data prior to encrypting it, threatening to release sensitive information if ransoms are not paid, in addition to seeking payment for the decryption keys.

Ransomware attackers have also threatened to deploy distributed-denial-of-service attacks or threatened employees and customers of victims so as to apply additional pressure on companies. Some attackers have even notified regulatory authorities of victims’ data breaches, using the law as a means of exerting pressure. The emergence of new groups and ransomware variants of cyber-attacks, including rebranded ransomware groups, has also contributed to the record-breaking number of incidents and payments.

There have been ongoing law enforcement efforts, including a successful 2024 bust of infrastructure used by Lockbit, a leading ransomware group. Nevertheless, the overall threat continues to grow, increasing pressure on companies to have plans for detection of ransomware attacks and develop plans for sophisticated recovery.

361 CHAMBERS.COM
