Ransomware activity reached a new high in the fourth quarter of 2024 as cybercriminals used repeatable attack methods on VPN accounts, according to the recently released Q4 Travelers' Cyber Threat Report.

Groups targeted VPNs with weak credentials and those not protected by multifactor authentication, the data showed, resulting in 629 confirmed attacks in November, followed by a relative decline to 516 in December.

“It’s clear that basic attack techniques are still highly effective for ransomware groups,” said Jason Rebholz, vice president and cyber risk officer at Travelers.

“These groups have been on the offensive, proactively hunting for targets and having significant success,” he added. “It’s vital that businesses implement proven security controls to make it far more challenging for malicious actors to carry out an attack on their organization.”

In 2024, Travelers said the increase in ransomware group formation indicated a rapid proliferation of smaller, more agile players in the cybercrime ecosystem.

Meanwhile, most ransomware claims start with threat actors compromising perimeter security appliances like firewalls and VPNs.

Across all ransomware claims in 2024, the most common initial access vectors were stolen credentials at 47% and software exploits at 29%, with 45,000 software vulnerabilities predicted for 2025 — a rate of nearly 4,000 per month and a 15% jump over the first 10 months of 2024.

The slideshow above illustrates top ransomware takeaways from Q4 2024, according to Travelers.
