Ransomware surge sees hackers demand up to USD $8.6 million

On International Anti-Ransomware Day, cybersecurity experts are warning that ransomware threats continue to surge in scale and sophistication, with attacks increasingly targeting cloud infrastructure and exploiting human vulnerabilities rather than solely compromising computers and networks through traditional malware.
The 12th of May marks the anniversary of the 2017 WannaCry attack that paralysed critical services worldwide, notably disrupting the National Health Service in the United Kingdom. Since then, ransomware has become a household term—albeit one still shrouded in technical complexity for many. Rebecca Moody, Head of Data Research at Comparitech, reflected on the shift, stating, "In 2017, ransomware, to many people, was still a huge unknown. Fast-forward to today, and it's a word within a lot of people's vocabulary—even if they don't understand the technical jargon surrounding it. This is because of large-scale attacks like WannaCry and the current attack on Marks and Spencer, bringing these types of attacks to the forefront."
Moody revealed that ransomware attacks have not subsided. "Sadly, however, while awareness around these types of attacks has grown, so too has the number of attacks. Since 2018, we've seen yearly increases in the number of ransomware attacks (except for a dip in 2022), and the amount of data involved in these attacks has also risen exponentially." Hackers have honed their focus on double-extortion tactics, whereby criminals not only encrypt systems for ransom but also steal sensitive data for additional leverage.
According to Comparitech's analysis, the UK has suffered 281 confirmed ransomware attacks since 2018, resulting in the breach of over 3.3 million records. Recent average ransom demands have reached nearly USD $8.6 million (GBP £6.5 million). For 2024 alone, there have been 40 attacks, affecting nearly 1.2 million records, with 12 attacks already reported so far this year. Moody noted that while no breaches have yet been reported for this year's attacks, significant numbers may emerge as incidents involving major companies such as Marks and Spencer and Co-op are investigated.
"As we've seen with Harrods, Co-op, and M&S, social engineering tactics were used to carry out these attacks, whereby employees were tricked into changing their passwords," Moody added. She underscored that despite the evolving threat landscape, the fundamentals for defending against ransomware remain unchanged: maintaining up-to-date systems, patching vulnerabilities promptly, regular backups, robust incident response planning, and comprehensive staff training.
This year, attention is also focusing on the rise of identity and cloud-driven attacks. Fabio Fratucello, Field CTO at CrowdStrike, explained: "Ransomware remains one of the most persistent and damaging threats facing organisations today. It has evolved far beyond being just an endpoint issue—it's now a challenge rooted in identity, cloud infrastructure and data security."
Fratucello cited data from CrowdStrike's 2025 Global Threat Report, noting, "79% of initial access attacks are now malware-free and access broker activity has surged by 50% year over year. This shows a clear pivot towards stealth and credential-based attacks, making traditional defences obsolete." He advocated for unified, AI-driven platforms that deliver protection and visibility across endpoints, identities, and the cloud, arguing that legacy, fragmented tools are no longer sufficient. "In today's threat landscape, visibility is protection. And protection must start with consolidation," Fratucello asserted.
Looking ahead, the interplay of artificial intelligence and cybercrime is poised to be the next frontier. KnowBe4, a prominent security company, predicts that agentic AI ransomware—autonomous, intelligent bots orchestrating attacks—will soon pose an unprecedented threat. Roger Grimes, KnowBe4's data-driven defense evangelist, commented: "AI agentic ransomware will gain initial access, analyse the environment, determine how to maximise malicious hacker profits, and implement the attacks. And it will not be just one attack, but a series of escalating attacks to maximise a malicious hacker's profit."
Ransomware payments escalated over the past year, with average amounts climbing to USD $2.73 million, according to KnowBe4. Grimes highlighted that malicious actors typically adopt innovations six to twelve months after they are developed by legitimate cybersecurity researchers. He urged organisations to leverage AI and advanced defences now to prepare for the threats on the horizon.
As cybercriminals continue to refine their tactics and exploit both technology and human factors, experts unanimously stress the enduring importance of proactive security practices. Regular training, technological consolidation, and continual vigilance remain the cornerstones of effective cyber defence against one of the digital age's most formidable adversaries.

Try Our AI Features

Explore what Daily8 AI can do for you:

Learn with AIFact CheckingText to SpeechAI Summary

Related Articles

Scoop

9 hours ago

• Scoop

When Good Data Gets Buried In Uncertainty. And Inflation Is Eye-watering To Look Through

Escalating conflict in the Middle East is likely to dominate market moves for the foreseeable future as the data flow slows and tensions intensify. As expected, last week the Fed and BoE left monetary policy settings unchanged with both central banks both noting they are still assessing the impact of tariffs on growth and inflation. Meanwhile at home we saw Kiwi growth outpace expectations over Q1. Our COTW looks at the increase in inflationary pressures stemming from offshore. Food prices are up 4.4%, and oil prices are heading higher. Here's our take on current events Conflict in the Middle East intensified over the weekend as the US launched strikes on three nuclear sites in Iran. And with geopolitical tensions running high, investors continue to move towards safe haven assets. Reclaiming it's tested safe-haven status the USD has regained strength seeing the Kiwi dollar trading back below 60c. Meanwhile, oil prices, already a leg higher last week, will likely continue on a path higher as tensions persist. Especially with the situation still fluid and the potential for retaliation by Iran. Markets will be closely watching the next steps in the geopolitical landscape. Particularly around the potential closure of the Strait of Hormuz. But for now, the risk remains tilted toward further downside for the Kiwi as the risk-off sentiment continues. As the situation unfolds, we're thinking about the potential inflationary and growth impacts for the global and domestic outlook. Sustained disruption in the Middle East would likely exacerbate energy supply concerns, causing a bout of global inflationary pressures. And in today's already fragile environment, facing tariff trade disruption and an economy only just emerging from recession, a near-term rise in fuel costs would likely place additional pressure on Kiwi households and businesses, reinforcing downside risks to domestic growth. Like most things these days, we're hoping for a better outcome to play out… But we must flag the downside risks to the global and domestic outlook. Overshadowed by the conflict in the Middle East, the US Federal Reserve and the Bank of England also met last week. Both central banks left policy rates unchanged as expected, and signalled a patient approach, awaiting more clarity on the impact of tariffs on growth and inflation. Here at home, the latest GDP numbers out last week showed the pace of the economic recovery quickened over the start of 2025. Economic activity lifted 0.8% over the March quarter, slightly outpacing our expectation of 0.7% and significantly stronger than the RBNZ's 0.4% forecast. (See our full report here). It's nice to have some good news. But we're holding our horses. The economy remains 0.7% below pre-recession levels. And in the year to March 2025, the Kiwi economy shrank 1.1%. We're still crawling out of the deep hole we fell into last year. A hole which has been even deeper on a per capita basis. On a per person basis, economic activity lifted 0.5% over the quarter but remains down 1.6% over the year. Unfortunately, we may be crawling for some time longer. From here out, we're not expecting to see the same strength seen over summer period sustained. We expect that the damaging effects to growth from tariff volatility and uncertainty have already started to take effect this quarter. And we expect those headwinds to become more evident in the June quarter GDP figures. More timely economic data are already starting to point to a slowdown. Electronic card spending has softened, and both the manufacturing PMI and services PSI fell sharply back into contraction in May. Weak confidence amid economic fragility and tariff uncertainty is resulting in softening demand. And it's under these conditions that we're expecting a weaker Q2 GDP outturn than the strong prints over the summer period. Chart of the Week: Inflation is eye-watering to look through. Monetary policy makers must look through short-term volatility, even if it's eye-watering. Inflationary pressures from offshore are heating up. Food prices are up 4.4%, reflecting elevated global commodity prices. Higher prices for fruit and vegetables as well as meat drove the increase in food prices in May, up 3.6% and 1.7%, respectively. Petrol prices fell 2.7% in May, but a reversal is likely this month following the conflict in the Middle East. Global oil prices are almost 20% higher since the start of the month. Domestic inflation continues to ease, but frustrations remain. Rents for example, have cooled rapidly, rising just 0.1% over the month. Annual rental inflation is running at 2.8% - the slowest pace since January 2015. Household energy costs however are on the rise, up a chunky 2.3% over the month. The risk here is that inflation flirts with the top of the RBNZ's target band in the near-term. We had already pencilled in a move towards 2.7% this year. But it's looking like we'll see a higher peak. In saying that, downside risks dominate the medium-term. Consumer prices will come under pressure amidst slowing global demand and excess capacity in the economy. There's risk that inflation falls below the RBNZ's 2% sweet spot, which would necessitate further monetary policy support. The typical play for central bankers facing a spike in inflation is to look through it, especially if it is the result of a shock. Such is the case for the recent increase in oil prices. The impact should be temporary and an unwind likely. But as we've learnt from the RBNZ's last meeting, there's nervousness around rising inflation expectations. Using Scoop for work? Scoop is free for personal use, but you'll need a licence for work use. This is part of our Ethical Paywall and how we fund Scoop. Join today with plans starting from less than $3 per week, plus gain access to exclusive Pro features. Join Pro Individual Find out more

Techday NZ

11 hours ago

• Techday NZ

High-performance tech framework attracts global police sector

A workplace performance framework developed in New Zealand using research into the psychological breaking points of elite athletes is attracting interest from police and defence sectors in North America and the UK. Vantaset, established by performance specialist Craig Steel, has created a platform-as-a-service (PaaS) aimed at improving workplace productivity through methods first engineered for elite athletic performance. Steel's team includes a former All Blacks manager and two Olympians. The company's approach has prompted contract signings with World Policing in the UK, which provides technical and governance advice to thousands of police forces worldwide, and an international consulting firm that advises government security and law enforcement agencies across Europe and North America, including the FBI. This move comes after the deployment of the technology in over 100 New Zealand organisations, including the NZ Police. The transformation project within the NZ Police was previously described by international consultants as one of the most successful government sector transformations in history, resulting in heightened staff engagement, greater public trust, and a reported reduction in crime by over 20%. International interest Steel says discussions are ongoing with police chiefs and defence experts in North America who have indicated a need to address significant challenges in staff engagement and retention. The Vantaset system, which took seven years and USD $7 million to develop, is now under consideration for pilot trials in these regions. "They told us this was the most promising process they've seen to address what they describe as a leadership and engagement crisis affecting critical agencies globally, so piloting the process is the logical next step in demonstrating its effectiveness in this environment." According to Bernard Rix, Chairman of World Policing, Vantaset's proven track record in New Zealand was a key factor in establishing the partnership. "Given the demonstrable impact Vantaset's technology had on New Zealand Police, we're confident it can be implemented in other law enforcement agencies around the world to help them improve the performance of their respective forces, which is why we've partnered with them." Origins in sport Steel's original research focused on 'athlete capitulation' — the psychological moment an athlete fails under pressure. By analysing and reverse-engineering this breakdown, he created a framework responsible for more than 20 World Cup and equivalent titles for New Zealand athletes and allowed personal bests to be delivered on demand in high-pressure environments. Quantitatively, the framework enabled New Zealand athletes to achieve personal bests 87% of the time at Tier 1 events, compared to the international average of 8-10%. Steel commented on the wider impact of the approach: "What began as a system for world-class athletes is now changing the way organisations develop and engage their workforce," says Steel. "We're focused on helping organisations, including the Police, improve the impact and effectiveness of their staff as their personal performance is vital to the nations they represent." Adapting for organisations Team members, such as Olympians Moss Burmester and advisor Anthony Moss, are now supporting the transition of high-performance sporting principles into broader workplace environments, including government agencies and corporate boardrooms. Steel adds that organisations' typical risk-averse cultures can restrict innovation: "Our work began with high-performance sport. But when we were invited to trial it in business, the results were just as transformative." He said the platform codifies elite performance in a way that enables consistent support across all organisational levels. "It's about unlocking the potential that already exists in their business as opposed to just trying to mitigate its risks, which crushes innovation. "In elite sport, the goal is never to avoid failure, it's to produce something exceptional. But in the business world, most performance management systems are built to manage issues when they occur rather than amplifying the organisation's capacity to perform," he says. Steel describes Vantaset's digital platform as a tool for large-scale adoption of high-performance principles. "What we've done is build a high-performance operating system that organisations can scale across their entire workforce so they can embed a proven way of working that brings out the best in everyone. The focus isn't on minimising mistakes, it's on helping people be the most effective versions of themselves, as that's what drives growth and improvement." Over 30,000 employees have used Steel's framework so far. The company is now targeting an expansion into other Five Eyes nations, including the United States, Australia, Canada, and the United Kingdom. Strategic distribution To facilitate international growth, Vantaset is engaging with consulting partners capable of distributing the system into both public and private sectors. Steel said Five Eyes countries were prioritised due to national security and trust considerations. "We've chosen to focus on the Five Eyes nations because we recognise that when it comes to working with defence forces and critical government agencies, trust and national security considerations are paramount. "If we were to work with non-aligned or competing jurisdictions, it could close doors to the agencies in the nations we're best positioned to support. This strategic alignment should ensure our eligibility to work with the most sensitive public sector environments, where human performance is most vital." The Vantaset platform is now being positioned for broader global uptake with ongoing dialogue involving international consulting firms and law enforcement agencies.

Techday NZ

3 days ago

• Techday NZ

Exclusive: Logistics firms face rising OT cyber threats amid global tensions

Cyber attackers are increasingly targeting logistics and supply chain networks, aiming to destabilise nations and gain strategic leverage without ever crossing a border. According to Leon Poggioli, ANZ Regional Director at Claroty, the recent cyber espionage affecting logistics firms supporting Ukraine is not an isolated trend but part of a broader pattern. "There's two key reasons nation states do this," he explained during a recent interview with TechDay. "One is to disrupt the other nation's defences, and the other is to put political pressure on the general public by interfering with their supply chains." These attacks frequently target operational technology (OT) systems - the core infrastructure behind physical processes in logistics, energy, manufacturing and healthcare. Poggioli said attackers exploit connectivity in these environments to carry out sabotage remotely. "A lot of these environments have some kind of external connectivity, so that gives an attacker an ability to remotely trigger a cyber attack and disrupt those supply chains." In some cases, tactics have extended to disrupting weapons infrastructure, such as drones. "When one nation uses drones, the other will defend itself by trying to jam signals and disrupt that infrastructure," he explained. Compared to IT systems, OT vulnerabilities can be far more complex and risky to remediate. Poggioli noted that in OT, even small changes can impact safety and operations. "In the IT world, it's easy to push patches out," he said. "In OT, even a minor change can disrupt operations, so remediation needs to be more targeted." Claroty's platform is built to help organisations quickly cut through large volumes of vulnerability data to find what really matters. "A site may have 1,000 vulnerabilities, but we can whittle that down to the five that make the most impact," he said. "That becomes a manageable number that a cyber leader and OT asset manager can act on within weeks." Recent data from Claroty's global survey of cybersecurity professionals reinforces the growing financial and operational risks posed by cyber attacks on cyber-physical systems (CPS). Nearly half of respondents (45%) reported financial impacts of $500,000 USD or more from such attacks in the past year, with over a quarter suffering losses of at least $1 million. These costs were largely driven by lost revenue, recovery expenses, and employee overtime. "It's a growing concern across multiple sectors, particularly in chemical manufacturing, energy, and mining – more than half of organisations in those sectors reported losses over half a million dollars," Poggioli said. Ransomware remains a major burden, especially in sectors like healthcare where 78% of organisations reported paying over $500,000 to regain access to encrypted systems. "These are real costs, not theoretical risks," he added. "And they're rising." Operational downtime is also widespread. Nearly half of global respondents experienced more than 12 hours of downtime following an attack, with one-third suffering outages lasting a full day or more. "When operations halt, the financial and reputational damage mounts quickly," Poggioli said. He added that one of the most pressing vulnerabilities is the level of remote access in these environments. "We're seeing around 45% of CPS assets connected to the internet," he said. "Most of that is done through VPNs that were never built for OT security." Third-party access is another growing concern, with 82% of respondents saying at least one cyber attack in the past year came through a supplier. Nearly half said five or more attacks stemmed from third-party connections, yet 63% admit they don't fully understand how these third parties are connected to their CPS environment. Poggioli pointed to this as a critical blind spot. "Legacy access methods and poor visibility are allowing attackers in through the back door," he said. Even more concerning is the risk from insiders. "You want to be able to trust your team, but someone with inside knowledge can do more damage than an external attacker," Poggioli said. "Even air-gapped environments need constant monitoring." A cyber attack on Denmark's power grid in 2023 served as a wake-up call. "One operator didn't even know they had the vulnerable firewall in their system," he said. "That's why visibility is so important. You can't secure what you don't know exists." While preparedness across the logistics sector varies, Poggioli believes the industry is slowly recognising the strategic value of cybersecurity. "It's going to become a point of competitive advantage," he said. "Customers are going to start asking serious questions about cyber security and supply chain integrity." He drew a sharp distinction between cyber criminals and state-backed actors. "Cyber criminals want fast financial gain, but nation states are more focused on political objectives," he said. "They have better resources and longer timelines. That changes the game." Poggioli warned that just because no incident has occurred doesn't mean attackers aren't already embedded in critical networks. "There's growing evidence of adversaries nesting in these systems," he said. "My hypothesis is they're preparing for future conflict. If war breaks out, they're already in position to strike." For logistics firms looking to strengthen their defences, Poggioli said the first step is basic visibility. "Most people I speak to admit they don't know 100% what's out there or how it's connected," he said. "Start with an asset inventory. Once you have that, you can start risk modelling and reduce exposure." There are signs that resilience strategies are making a difference. According to the Claroty report, 56% of professionals now feel more confident in their CPS systems' ability to withstand cyber attacks than they did a year ago, and 72% expect measurable improvements in the next 12 months. Still, Poggioli said complacency is not an option. "If you don't know how big the problem is, you won't know how to solve it," he said. "Once you understand the risks, you can act to protect your operations and show the business the value of cyber security."