Reports of cyber attacks, usually involving ransomware, now appear in the news almost every day. Experts say that cyber criminals are deploying artificial intelligence (AI) in an attempt to identify attack targets faster.
The Federal Bureau of Investigation (FBI) states that ransomware is a type of malicious software that, once it has infected a system, prevents users from accessing computer files, systems, or networks. The ransomware then demands payment from users in order to restore the affected functions.
In July of this year, several ransomware attacks took place in the United States, affecting institutions such as Susan B. Allen Memorial Hospital in Kansas, IT company Ingram Micro in California, and Cookeville Regional Medical Center in Tennessee.
According to data from the U.S. Office of the Director of National Intelligence, there were 5,289 reported ransomware attacks globally in 2024, a 15% increase from the previous year.
However, researcher Andy Jenkinson from the New York-based Cyber Theory Institute said that these numbers do not account for the majority of unreported attacks. Jenkinson, a cybersecurity expert and author of “Stuxnet to Sunburst: 20 Years of Digital Exploitation and Cyber Warfare,” told The Epoch Times, “Ransomware attacks are widespread, with individuals everywhere paying ransom. There are two types of ransomware attacks: those that are publicly known and those that are concealed.”
The U.S. cybersecurity company PurpleSec estimates that the average cost of ransomware attacks has risen from $761,000 to $5.14 million since 2019.
Jenkinson noted that ransom payments are almost always made using Bitcoin and other cryptocurrencies, making them harder to trace than bank transfers.
Comparitech, a UK-based cybersecurity service company, maintains a database of global ransomware attacks. Jenkinson stated that cybercrime, including crimes involving stolen data for online fraud, results in a daily global loss of $32 billion.
Last month, Sophos, a UK-based cybersecurity service company, released a report titled “The State of Ransomware 2025,” based on a survey of cybersecurity leaders from 17 countries, revealing that nearly 50% of companies paid ransoms, with an average payment of $1 million.
Adnan Malik, the Data Protection Legal Director at Barings Law in Manchester, UK, told The Epoch Times that companies typically do not publicly announce when they pay ransoms. He said, “They try to conceal it… They try to disguise the ransom as other expenses.”
James Babbage, Threats Lead at the UK National Crime Agency, stated on the BBC’s “Panorama” program, “Companies that pay ransom are helping perpetuate this type of criminal behavior.”
KNP Logistics Group, a UK trucking company, collapsed in September 2023 after a ransomware attack, resulting in 730 job losses. Paul Abbott, the company’s executive, recounted that a night shift worker first noticed issues with the company’s computer system and contacted the IT support team. However, the IT team initially did not suspect malicious activity.
Abbott stated that during a controlled shutdown and restart, “they discovered a text file embedded in one of the servers, which was a ransom note from the Akira group, making it evident that the root cause of the problem became very clear at that moment.”
Akira is one of the most notorious ransomware groups. “For those who know their stuff, this money is easy to make,” Abbott remarked.
On July 22, the UK government announced plans to prohibit UK departments, state-owned agencies, schools, hospitals, and operators of critical national infrastructure from paying ransom to cybercriminals.
Jenkinson believes that addressing other issues is crucial. “Banning ransom payments without fixing the underlying vulnerabilities is like offering heart transplants to junk food addicts without changing their diet habits. The UK’s proposal addresses the symptoms rather than the root cause, potentially driving cybercrime further underground,” he said.
“If we don’t address the insecure systems that lead to these attacks and change poor cybersecurity practices, we are just putting band-aids on a festering wound without performing the necessary surgery,” Jenkinson added.
The European Union law enforcement agency Europol, headquartered in The Hague, Netherlands, participated in an operation on July 22 that led to the arrest of an alleged administrator of the XSS.is forum in Kyiv, Ukraine, a prominent Russian-language cybercrime platform often used for malicious activities.
Europol stated that the XSS forum had over 50,000 registered users and served as a major marketplace for stolen data, hacking tools, and illegal services.
Last May, the United States Department of State offered a $10 million reward for information leading to the arrest of Russian citizen Dmitry Khoroshev, suspected to be an administrator of the LockBit ransomware group.
The Department of State reported that LockBit had attacked over 2,500 victims globally, including around 1,800 in the United States, and amassed at least $150 million in ransom payments in digital currency.
The UK National Crime Agency described Khoroshev as the “LockBit Supplier,” providing ransomware as a service (RaaS) to global hacker networks or “affiliate groups,” offering tools and infrastructure for carrying out attacks.
Jenkinson said it is a misconception that cybercriminals are becoming “more sophisticated” and predominantly operate from countries like Russia and other former Soviet republics, which are believed to be legal safe havens.
Malik agreed, stating that in reality, “Hackers are not the problem, but rather, the systems used by some of our institutions are very poor.”
“In general, the data infrastructures of most institutions are very outdated, and the systems are very vulnerable, making it easy for hackers to infiltrate their systems,” he remarked.
Jenkinson referenced recent attacks launched by the group Scattered Spider, which is made up of hackers from the United States and the UK, including some teenagers.
In May this year, Tyler Buchanan, a 23-year-old British citizen suspected of being a leader of the Scattered Spider group, was extradited from Spain to the US, facing charges of conspiracy to commit computer intrusion, wire fraud, and aggravated identity theft in California.
The Department of Justice stated that Buchanan and his associates allegedly launched cyber attacks against around 45 companies in the US, Canada, and the UK, stealing millions in cryptocurrency.
“I don’t believe these attacks are becoming more sophisticated,” Jenkinson said. Instead, he said, the idea serves as an “excuse” for businesses and governments to explain why the attacks are becoming more persistent and severe.
He mentioned that attackers exploit basic flaws in most companies’ security systems, including unencrypted data storage and the use of insecure cloud servers.
Jenkinson highlighted the exploitation of open-source intelligence. “I can see any organization anywhere in the world, tell you their so-called internet-facing assets: their websites, IP addresses, servers, etc., and tell you if they are vulnerable to being hacked,” he said.
“The reality is that security teams, the defenders of various systems, are not doing an adequate job,” he continued. “Malicious actors are certainly going to great lengths, using artificial intelligence to identify system vulnerabilities.”
Jenkinson pointed out that a significant part of the problem stems from excessive reliance on commercial cloud server services, which he said “expose risks.”
He mentioned that following the 9/11 attacks, then-US President George W. Bush mandated that all major tech providers in the US allow the National Security Agency (NSA) access to their data through “backdoors.”
Jenkinson remarked, “Now the vulnerabilities exploited by cybercriminals are the same vulnerabilities that the NSA has been exploiting since 2001 (if not earlier).”
The Cybersecurity and Infrastructure Security Agency (CISA) in the US issued numerous alerts regarding ransomware, malware, and other scams targeting US companies and public institutions.
“The US faces around 70% to 80% of global cyberattacks. They are the most digitally reliant nation in the world, with everything from where they refuel in the morning to when they turn the lights on at night depending on digital communications through industrial control systems,” Jenkinson concluded.
Malik stated that if individuals’ financial, personal, or medical data were leaked, the consequences could be severe.
“If you receive a letter saying that your email address and home address are now known to someone because a breach occurred at ‘such and such company,’ that may not have a huge impact on your life,” he noted.
He continued, “But when the letter states that your Social Security number has been leaked, along with your date of birth, detailed information about your spouse and children, passport copies, these details are enough for someone to impersonate you.”
“These details are enough for someone to try and open bank accounts to obtain loans, and the consequences could be far-reaching and severe,” he added.