TechCrunch: “The ransomware industry is thriving, not losing. Despite various law enforcement wins against ransomware actors, like the sweeping takedown of LockBit and the seizure of Radar, hackers continue to reap the rewards of these data-theft attacks — and 2024 looks set to be their most profitable year to date. That’s according to Allan Liska, a ransomware expert who serves as a threat intelligence analyst at cybersecurity firm Recorded Future. In an interview with TechCrunch in London earlier this month, Liska confirmed that 2024 is on track to be another record-breaking year for ransomware — with equally record-breaking ransoms paid by victims to hackers. “The curve is going to flatten a little bit, which I guess is good news. But a record-breaking year is still a record-breaking year,” Liska told TechCrunch. “We’ve also this year, for the first time that I’m aware of, had four eight-figure ransoms paid.” One of these eight-figure sums was the $22 million ransom that Change Healthcare paid to the Russian cybercrime gang ALPHV following the theft of highly sensitive medical data related to hundreds of millions of Americans. What followed, Liska said, was rampant in-fighting between the ransomware group and its affiliate, who carried out the hack on ALPHV’s behalf. “If you wanted a reality show, this was it,” said Liska. This apparent scrappiness is only likely to worsen as younger threat actors join the ransomware foray, as we’ve seen with highly skilled and financially motivated hackers like Lapsus$ and, more recently, Scattered Spider. This loose-knit group of predominantly teenage, native English-speaking hackers has carried out some of the most disastrous cyberattacks in history, such as the breach of MGM Hotels and the suspected links to the recent cyberattack on Transport for London. The disjointed nature of these attackers is evidenced by the increase of data theft-only attacks, which have increased by more than 30% in 2024, according to Liska. “That is up significantly from just a couple of years ago,” he told TechCrunch. “A lot of the newer threat actors just don’t want to deal with encryption, decryption, or anything like that,” referring to attacks that exfiltrate huge amounts of stolen data..”