A new report highlights the latest target of cyber crime: midsize businesses and their cloud infrastructure.

Ransomware is again on the rise, according to Delinea, a Privileged Access Management (PAM) solutions provider.

In its annual “State of Ransomware” report, the company noted a change in cyber criminals’ strategy.

“The familiar tactics of crippling a company and holding it hostage have been replaced by new strategies that use stealth to exfiltrate private and sensitive data,” the report stated.

The cyber criminals will then threaten to sell the data to the highest bidder on the darknet or leverage it to for a cyber insurance payment.

“State of Ransomware 2024: Anticipating the Battle and Strengthening Your Defenses” analyzed survey data collected from 300 U.S. IT and Security decision-makers to identify significant changes from the prior year and uncover new trends.

Although ransomware is not back at the levels of 2021, the number of organizations claiming to have been a victim of ransomware in the past 12 months more than doubled since last year, the report noted, from 25 percent to 53 percent.

Midsize companies were targeted the most, with 65 percent of respondents indicating they’ve been a ransomware victim over the past 12 months.

Companies are paying ransoms more frequently, up to 76 percent from 68 percent the prior year.

Data exfiltration is up by 39 percent (reported by 64 percent of respondents, up from 46 percent) and has become a preferred goal for cyber criminals, who use the control of a company’s network to download sensitive data to sell on the darknet.

“The trend is also evidenced by the significant downturn of traditional money grabs as the main motivation (34 percent, down from 69 percent the year before), the report stated.

“Ransomware certainly appears to have reached a critical sea change – it’s no longer just about the quick and easy payout,” said Rick Hanson, president at Delinea. “Even as organizations are investing more in safety nets like cyber insurance which often have ransomware payouts included in coverage policies, cyber criminals are finding that using stealth tactics to stay under the radar and access sensitive, valuable information to sell is the better investment of their effort.”

Hackers have modified tactics, moving away from using email as a preferred attack vector (down from 52 percent to 37 percent) and instead choosing cloud (44 percent) and compromised applications (39 percent).

The new approach is considered more covert, offering attackers the ability to remain undetected longer and the opportunity for more continuous access to systems and data, enabling them to ramp up the damage when they choose.

Ransomware protective measures vary among organizations, the survey found.

While 91 percent indicated they have specific budget allocations for ransomware, up from 68 percent in 2022, only 61 percent (down from 76 percent) said security budgets were allocated following an attack, possibly due to economic uncertainty or tighter budgets, the report stated.

The survey found that respondents seemed to lack clarity on how increased spending would help improve security, though they did spend more on critical areas to bolster defenses like Privileged Access Management (28 percent, up from 16 percent).

Executives and boards are now paying attention, with 76 percent reporting their leadership is concerned about ransomware, but perhaps only after an attack.

“The changing strategies and tactics in ransomware attacks require a layered approach to security that mitigates the risk of unauthorized access, even when credentials are compromised,” said Joseph Carson, Advisory CISO and chief security scientist at Delinea. “It also shows the critical role privileged access plays in overall cybersecurity postures.”