In 2024, the cybersecurity landscape became increasingly fractured as ransomware attacks increased, according to a new study, 2025 Cyber Incidents Insights Report, from S-RM.
The barrier to entry for criminals lowered, which resulted in 53 different threat actors in 2024, an increased of 96% from 2023. To address this, law enforcement groups globally have stepped up action to combat threat actors.
“Last year was about staying nimble and adaptable as the number of threat actors proliferated," said Paul Caron, head of cybersecurity, Americas at S-RM, in a statement. "With increased competition for potential targets, cybercriminals sought out a wider variety of targets, going beyond large companies to include small and medium-sized businesses. And we’ve seen they’ve evolved their techniques and tools—for example, increasing Endpoint Detection and Response (EDR) avoidance and Adversary-in-the-Middle’ (AiTM) attacks.”
Looking at the incidents in 2024, the report found the following:
14% of ransomware cases resulted in payments to a threat actor, down from 28% in 2022.
57% of ransomware victims never appeared on extortion leak sites.
58% of ransomware victims had viable backups in place, an increase of 26% since 2022.
72% of ransomware incidents involved threat actors gaining access by exploiting software vulnerabilities.
45% of ransomware victims with EDR tool in place did not have it deployed across all devices.
41% of ransomware victims in 2024 with an EDR in place did not have dedicated analyst teams reviewing audits.
58% of unsecured services in ransomware cases were virtual private network (VPN) solutions.
68% of business email compromise (BEC) cases involved the use of adversary in the middle techniques.
42% of BEC victims did not have multi-factor authentication rolled out to all users.
Fractures and fissures
Over the course of 2024, S-RM’s incident response team encountered more cyber threat actors than ever before and solved the use of Ad3 separate threat actors, a 96% increase from 27 in 2023. This trend reflects an increasingly fractured threat landscape, with established groups hampered by the efforts of law enforcement and the barriers of entry for new entrants lower than ever.
Ransomware still dominant
Over a third of the incidents responded to involved ransomware, making it the leading incident category for the third year running. The rate of growth, however, may have slowed slightly. The number of organizations posted on ransomware and data-theft leak sites grew by 13% in 2024, down from 70% growth the prior year.
Ransom payments on the decline
While the threat actors multiply and become increasingly brazen, victims are becoming more resilient to ransom demands. Since 2022, the proportion of incidents the team has responded to that resulted in a ransom payment has nearly halved. Added Caron, “But even as cyber threats have evolved, our data from last year also shows that robust security programs are having an impact. Compared to previous years, a higher proportion of ransomware incidents were resolved without a payment, and almost half the business email compromises we assisted with did not result in financial loss from diverted funds.”
Exploited vulnerabilities continue to open doors
Exploited vulnerabilities in public-facing systems accounted for method of entry in 39% of extortion cases in 2024. There was also a 53% increase in the number of small businesses named on ransomware leak sites. Increased competition among ransomware groups has broadened the scope of organizations targeted by threat actors.
