NEW YORK—As ransomware incidents gradually decline, cybercriminals are increasingly turning to fraudulent wire transfers as their scheme of choice, a new report shows.
The latest Data Security Incident Response Report from law firm BakerHostetler—drawing on insights from more than 1,250 security incidents the firm handled in 2024 through its Digital Assets and Data Management Practice Group—highlights shifting trends in cyber threats. While ransomware remains a serious concern and continues to disrupt organizations despite well-prepared response plans, the firm notes that the effectiveness of the ransomware model appears to be declining, according to InfoRisk Today.
"We see fewer attacks and lower payments," the report says. "After several chaotic years, ransomware is settling into the category of risk that still exists but for which there are known measures that should make an impactful attack less likely."
“Whether the law firm this time next year arrives at the same conclusion might be tempered by data showing the first three months of this year to be the worst on record, in terms of the volume of attacks collectively claimed by ransomware groups. Buttressing the law firm's case is that fewer victims are paying, likely causing criminals to make up for revenue shortfalls by racking up more victims,” InfoRisk Today said.
The firm said one-third of all incidents it investigated last year involved the healthcare sector, including biotechnology and pharmaceutical companies, followed by financial and insurance firms, comprising 15% of incidents, then professional and business services with 12%, InfoRisk Today said.
Of the incidents, 27% were traced to vendors, including the theft of data from Change Healthcare—BakerHostetler represented 125 organizations that had to respond to that attack—as well as the theft of data from users of the Snowflake data warehousing platform and from secure managed file-transfer tools. Many of those attacks continue to trace to the Clop—aka Cl0p—group, which targeted users of Cleo Communications software last December, InfoRisk Today explained.
“After attackers gained access, investigators found this is what happened next: 44% of attackers stole data, 35% accessed the organization's email, 31% deployed ransomware, 13% deployed some other form of malware and 11% stole money via diverted wire transfers, direct deposits or ACH payments,” InfoRisk Today said.
Of that monetary theft, the average loss was $1.3 million—a threefold increase from 2023—and the median was $130,000, which reflects in part some of the larger heists, with the largest one in 2024 stealing $20.6 million. Of $109 million stolen via these fraud tactics last year, the firm said nearly $50 million was recovered, “in no small part thanks to the work of the U.S. Secret Service,” InfoRisk Today added.
