Ransomware Attacks Hit Record High Despite Payment Decline: Travelers

Ransomware attacks hit record highs while payments decline, signaling a strategic shift in cybercriminal tactics.

By: R&I Editorial Team | March 10, 2025

Ransomware attacks hit an all-time high in Q4 2024 with 1,663 victims, yet total payments to attackers dropped 35% year-over-year to $813 million, signaling a shift in both attack methods and organizational responses to threats, according to Travelers’ Q4 2024 Cyber Threat Report.

In addition to an active fourth quarter, the ransomware landscape reached unprecedented heights in total in 2024, with threat intelligence research documenting a total of 5,243 victims posted on leak sites—marking a 15% increase from the 4,548 incidents recorded in 2023, according to the report. The global impact of these attacks resulted in the exposure of over 195 million records.

Despite the increasing frequency of attacks, financial metrics tell a different story. Total payments to ransomware groups reached $813 million for the year—a substantial sum, but one that actually represents a 35% decrease in revenue for ransomware operators compared to the previous year, according to the report. This divergence between rising attack numbers and falling ransom payments suggests organizations are increasingly refusing to pay attackers.

Shift in Attack Methodology

One notable evolution in ransomware tactics has been the move away from reliance on zero-day vulnerability exploitation, Travelers noted. Unlike previous peak periods of ransomware activity that were driven by opportunistic exploits of newly discovered vulnerabilities in common networking and software products, 2024 saw threat actors adopting more methodical approaches.

The new ransomware playbook focuses on reliable, repeatable methods to gain network access, particularly targeting weak credentials on VPN and gateway accounts that lack multi-factor authentication protection, according to the report. This shift can be traced back to the summer of 2023, when a ransomware training manual written by an “initial access broker” was leaked.

Rather than emphasizing the discovery of zero-day vulnerabilities, the manual advocated targeting widely-used VPNs with weak credentials, instructing attackers to look for default usernames like “admin” or “test” and to try combinations of common passwords, according to Travelers.

This methodology spread rapidly among initial access brokers and ransomware operators throughout 2024, enabling them to proactively hunt for profitable targets at scale. The days of threat actors waiting opportunistically for others to discover vulnerabilities have given way to a more systematic approach to victim selection, Travelers noted.

Impact on Organizations

While the financial toll of ransomware payments may be declining, the broader organizational impact remains severe. A review of 2024 claims received by Travelers revealed that attackers stole data in 87.6% of cases, a rate similar to 2023. This persistent threat of data theft creates significant exposure beyond the immediate ransom demand.

Even as organizations increasingly refuse to pay ransoms, they continue to face substantial costs from business disruption, IT system restoration, litigation, and regulatory fines for exposed records.

The Changing Landscape of Threat Actors

The ransomware ecosystem experienced substantial growth in 2024, with 55 new ransomware groups emerging on the scene. This represents a 67% increase in group formation compared to the previous year.

Government-backed threat actors are increasingly blurring the lines between state-sponsored cyber operations and criminal ransomware activities. Security researchers have uncovered troubling connections between nation-state actors and ransomware groups, the report found.

These nation-state connections bring enhanced resources and sophistication to ransomware operations. Government-backed groups are particularly advanced in leveraging artificial intelligence for various attack phases, including reconnaissance, research, and developing convincing phishing campaigns—capabilities that are gradually filtering down to their criminal partners, according to Travelers.

Notable Group Activities

The ransomware landscape of 2024 would be unrecognizable to observers from just a year earlier. RansomHub emerged as the dominant threat actor in Q4, responsible for 238 attacks—representing over 14% of the quarter’s total activity. Established groups like Akira and PLAY maintained significant operations with 133 and 95 attacks, respectively.

FunkSec represents one of the more intriguing developments in recent months, according to Travelers. This new group has drawn attention not just for its aggressive posture but for its unusual approach: Security researchers have questioned FunkSec’s technical capabilities, noting their heavy reliance on AI tools for code development.

Industry Impact and Targeting Patterns

The ransomware landscape of 2024 revealed clear patterns in which industries faced the most significant threats. IT services and consulting firms experienced a marked increase in targeting throughout the year, becoming prime targets for sophisticated threat actors.

The construction sector proved particularly vulnerable, suffering 129 attacks in the fourth quarter alone, representing a substantial 56% year-over-year increase, the report found. Health care organizations continued to face relentless pressure from ransomware operators, with attacks rising from 166 in 2023 to 210 in 2024.

Find the full report on the Travelers website. &

The R&I Editorial Team can be reached at [email protected].

The Green Transformation: How Philadelphia Insurance Bolsters Companies Seeking Alternative Energy Solutions

Wind, solar and geothermal energy solutions are rising in popularity among insureds. Initiatives in this green transformation have environmental underwriting support from the experts at Philadelphia Insurance Companies.

By: Philadelphia Insurance Companies | March 3, 2025

Businesses know the green transformation is well underway, and they are preparing in the best way possible: by working with their environmental insurance partners to get ahead of risk and keep informed.

“Green transformation” is more than a climate shift or weather patterns; it’s a social transference to more environmentally sustainable energy solutions like solar, wind and geothermal sources.

“As companies invest in green transformation, and begin shifting their business models away from exclusive investment, use, or support of traditional energy sources like petroleum and coal, they are starting to look at the alternative energy space,” said Jamie Langes, Vice President of Environmental Underwriting for Philadelphia Insurance Companies (PHLY).

“Insurance can champion this repositioning by supplying financial support needed to companies engaged in green transformation through policies and programs.”

This is a promising growth area for environmental insurers and their clients—one that insurers are increasingly willing to support and help free up capital. Here’s a deeper look at businesses’ interest in green transformation, the potential underwriting challenges of alternative energy solutions and the grounds for a good partnership.

A Bigger Interest in Green Transformation

Jamie Langes, Vice President of Environmental Underwriting, Philadelphia Insurance Companies

There are plenty of reasons why companies are looking at green and alternative energy solutions. Sustainability is a big reason, as is the profit motive.

Insurance companies are looking at this shift with interest, with some carriers even reducing support for traditional energy sources to help bolster investment opportunities in green energy.

“In the insurance sphere as a whole, carriers are actively engaged in identifying strategies to deploy their capacity, and making conscious determinations regarding coverage offerings that as a marketplace, we have committed to allot to green transformation,” Langes said of carrier interest.

Green energy is important for businesses’ future as it provides a renewable source of energy. As interest turns toward utilizing the big three—solar, wind and geothermal—so too does the financial support to sustain these endeavors.

“The more companies dive into green transformation, and the more insurers support those operations fiscally, we’re projecting this could easily set a market pace in the billions in a very short time,” Langes said.

How Insurance Supports Green Transformation

Venturing into green energy should not be done lightly; that’s why it’s important to work with an environmental underwriting team that has its finger on the pulse of green transformation.

Businesses looking into alternative energy require support from the insurance marketplace in order to secure adequate liability transfer, as well as limit rising risks. Insurance plays its role by supplying financial support to these companies engaged in green transformation to be able to function.

“Insurance capacity is growing, and rate is supporting new ventures from a balance of coverage and premium,” Langes said.

Insurance further provides a risk management perspective that helps sustain start-up costs and exposures for liability. Having the backing of an experienced underwriting team can be the difference between sound risk management and coverage and failure to launch.

“Green transformation is being leveraged as one component of our environmental approach,” said Langes, “and with [PHLY’s] expertise and experience, that approach is finding new ways to do business—including collaboration and a long-term vision, which embraces our role as a financial vehicle for progressing and assisting green transformation and technology through insurance.”

Traditional and Alternative: An Important Underwriting Balance

There is one thing that a good underwriting team must also review when aiding clients in their green transformation: Underwriting for traditional energy sources has the benefit of historical data to help guide decision-making.

“The insurance marketplace has ample actuarial data to gauge pricing parameters and risk acceptance vehicles from insuring traditional sources of energy long-term. As a result, insurers understand how to write that risk explicitly to make sure they’re able to not only support the business but also have the profitability to support their insureds should there be a claims situation,” Langes explained.

In contrast, “Green energy and design risks don’t have that much value proposition data yet since these exposures are still relatively new in the insurance marketplace as an insurable risk.”

To fully bring about green alternatives, underwriters must lean into this transitional period with a pulse on both sides of the energy aisle. It will take additional considerations during the process, including a review of rates, coverage options and availability, and detailed terms and conditions to best service green transformation companies.

“The businesses have to coexist. Existing traditional energy sourcing companies that are investing in green solar, wind or geothermal will still have their original exposures; just less over time,” Langes said.

“The underwriting challenge, therefore, is that we must underwrite the two dichotomies, green transformation along with traditional, as companies transition forward.”

Environmental Underwriting Experts at Your Service

Insurance is a partnership forged by the insurer’s deep understanding of the insured’s risk management needs. At PHLY, the team is dedicated to better understanding its client partners’ businesses inside and out.

Companies looking to join the green transformation can rest easy knowing that the environmental underwriting team at PHLY applies this same level of understanding.

“We’re proactive in our approach, more than reactive,” Langes continued. “This means that what’s next, what’s new, what our insureds’ needs are, remains at the forefront of our decision making. Investing in green transformation is a fairly new endeavor for many insurance companies, but we, at PHLY, have the advantage that we’re always willing to be engaged in the evolving conversation.”

“We are integrating green transformation options into our coverage positions, investing in these initiatives as we would for any operation,” Langes said.

As part of Tokio Marine Group, its parent company, PHLY can further leverage the insurance experts within the umbrella to evaluate, at the highest level, the societal changes and community interest in green transformation and what clients are looking for from their financial insurance partners.

Further, PHLY has built an environmental underwriting team with tenured experience in the marketplace. But it’s more than that: “We not only have the experience but also the expertise,” said Langes. “Many of our underwriters come from the consulting field, so they also understand the technical aspects of sustainable energy solutions. We leverage that into collaboration, and towards being a resource for brokers to help them support their clients for insurance. Tokio Marine and PHLY bring all of that expertise to the table on products and service.”

This dedication to green transformation has enabled PHLY to have competitive and tailored coverage. Underwriters are paying close attention to companies transitioning to alternative energy solutions, as well as looking at related fields to constantly and consistently remain in the know.

To learn more, visit: https://www.phly.com/ESdivision/es-environmental.aspx

This article was produced by the R&I Brand Studio, a unit of the advertising department of Risk & Insurance, in collaboration with Philadelphia Insurance Companies. The editorial staff of Risk & Insurance had no role in its preparation.

Philadelphia Insurance Companies (PHLY) offers product-specific resources, alliances, and service capabilities to achieve a multi-faceted approach to risk management, including safety program development, site audits, and training (including interactive web-based training). We offer a wide range of products and value-added services at financial terms to be agreed upon to help you achieve your risk management goals.