Securin’s 2024 Ransomware Report: What IT Providers Should Know About Smarter AI Attacks

Computer and network security company Securin just released its 2024 Ransomware Report, which highlights one common thread: Thanks to genAI, ransomware threats are getting smarter.

Aviral Verma, a lead security analyst at Securin whose research contributed to the report, said the ransomware attacks we see now “prove the lengths that hackers are willing to go to access critical data.”

As a quick refresher, ransomware is malware that locks or encrypts data. Hackers typically demand a ransom to restore access. If it’s not paid, they threaten to leak or exploit the stolen data.

Hosting providers are prime targets because they store tons of sensitive customer information and often host multiple tenants on the same infrastructure, making the impact of an attack much bigger.

All it takes is one phishing email, one unpatched plugin, or one poorly secured remote access point. Shared hosting models are especially at risk because they typically don’t have strong isolation models.

Securin’s report breaks down the ransomware landscape into five sections.

HostingAdvice focused on the key findings and spoke with Verma to get an inside look at which ransomware groups are the most aggressive and which industries are feeling the biggest impact.

GenAI Is Fueling Smarter Ransomware Attacks

The report started with something most industry experts already know to be true: GenAI is used as both a weapon and a target.

For threat actors, genAI allows for faster, more personalized, and scalable attacks. For defenders, it offers the promise of faster detection, automated response, and predictive threat mitigation.

Securin infographic: Just like bots, genAI can be used for good and for bad.

Cross-prompt injection attacks are a particular threat to AI systems: they allow bad actors to bypass security controls and manipulate the systems into performing unintended actions.

Supply chain attacks are also quickly becoming a main threat vector.

“It is imperative for industry leaders to implement proactive measures, leveraging genAI for threat detection and response, to defend against the evolving cyber threat landscape and strengthen their security posture,” said Verma.

More specifically, Securin recommends developing comprehensive strategies that are unique to AI, particularly by combining automated testing frameworks with human expertise.

Securin warns that without proper safeguards, ransomware could evolve into a self-optimizing threat and achieve up to a 90% success rate in evading detection.

Healthcare and IT Are Prime Targets

In terms of who’s doing the evil bidding, Securin found several main ransomware operators whose names popped up over and over again:

  • LockBit: Typically targets government, manufacturing, and financial industries
  • Cl0p: Targets supply chains in IT, manufacturing, and energy industries
  • Akira: Targets education, financial, and healthcare industries
  • Black Basta: Targets healthcare, manufacturing, and infrastructure industries
  • RansomHub: Targets water systems, healthcare, and government industries
  • BlackCat: Targets healthcare and financial industries

Securin infographic: Unsurprisingly, these high-risk industries remain the primary targets for ransomware attacks.

According to Securin’s findings, the most commonly attacked industries include:

  • Healthcare & Public Health: 14.5%
  • Information Technology: 10.3%
  • Manufacturing: 9.1%
  • Government & Public Sector: 8.5%
  • Education: 5.5%
  • Transportation & Logistics: 5.3%
  • Financial Services: 5.2%

These industries are frequent targets because they’re undeniably high-value and can’t afford downtime.

That makes them prime opportunities for attackers: Downtime creates leverage, and leverage drives payouts.

One notable incident Securin highlighted in the report is the Schneider Electric breach by the Hellcat ransomware gang, who bizarrely demanded a $125,000 ransom in baguettes.

The hackers accessed the company’s Atlassian Jira system and stole 40 GB of sensitive data, including employee and customer info, project files, and more.

This attack marked Schneider’s third cybersecurity breach in just two years.

The Weak Links Hackers Exploit Most

Ransomware attacks revealed a consistent weakness across industries: poor authentication and access controls. These remain the most commonly exploited vulnerabilities, giving threat actors an easy way in.

Attackers are using familiar (but effective) tactics, including exploiting misplaced trust in clients, OS command injection, directory indexing flaws, and code injections.

Securin infographic: Cyberattacks have grown more advanced. Instead of simple website hacks, attackers now prefer deeper flaws (like buffer overflows) that give them more leverage.

The study noted that this suggests attackers have a mature understanding of enterprise software vulnerabilities.

“Threat actors are exploiting legacy systems and poor security hygiene to gain entry into critical systems,” said Verma.

Verma points to the numbers that back it up:

  • Vulnerability and misconfiguration exploits: 30%
  • Compromised credentials: 22.8%
  • Spearphishing through malicious links or attachments: 19%

Securin reminds us that even as threats grow more sophisticated, many breaches still come down to the same core weaknesses.

Inside the Minds of Ransomware Gangs

Ransomware groups are changing the way they gain access to systems.

Securin found that initial access often comes through exploiting public-facing applications. Another trend the report highlighted is that attackers aren’t just rushing in anymore.

Securin infographic: Securin identified six of the most aggressive ransomware operators who strike hard once they’ve selected a target.

Instead of launching ransomware right away, attackers are taking time to methodically research and carefully choose their most valuable targets.

It’s the Cobra Kai of cybercrime: Strike first, strike hard, no mercy. That, unfortunately, is what makes these attackers a whole lot harder to stop.

Turning the Tables: Best Practices

When it comes to best practices, the report emphasizes that organizations shouldn’t wait for an attack disguised in a Trojan horse. Make sure your castle walls are already built and fortified.

In particular, the report outlines several key areas of focus: authentication and access control, memory protection, and sector-specific defense strategies.

But for hosting and IT providers, Verma has some specific advice.

“Both web hosting providers and industry leaders can take a proactive approach to cybersecurity by adopting measures that identify and address vulnerabilities before they are exploited,” he said.

Here’s what Verma recommends:

  • Conduct routine penetration testing and exposure management
  • Patch vulnerabilities promptly and based on real-world risk
  • Use binary analysis tools to uncover hidden code-level flaws
  • Require vendors to follow the FDA’s “security by design” principles
  • Roll out multifactor authentication (MFA) across systems
  • Enforce unique, non-reused passwords across the organization

While the checklist is long, the underlying message is simple. As the report puts it: “Perfect security isn’t the goal — making attacks economically unfeasible is.”