Ransomware Just Won’t Go Away

Historically, successful attack strategies continue until adequate defenses are assembled. For example, the Mongol hordes ravaged Asia and Eastern Europe for centuries. A simple invention – the walled town – ended their ability to ride in from the wilderness and devastate a settlement. Since then, innovation has ended the dominance of the longbow and other forms of weaponry.

Maybe there will come a time when ransomware, too, will finally go away. But it is so lucrative that the bad guys are using it for all it's worth. It is up to enterprises to up their game to be able to thwart it.

Ransomware Rising

Research from NCC Group reveals that ransomware activity is rising again. December of 2022 saw 269 ransomware attacks in the US, approaching the peak levels for the year that were experienced back in March and April of 2022. The leading antagonist in December was LockBit, which accounted for 19% of attacks, followed by BianLian (12%) and BlackCat (11%). BianLian saw a 113% increase in ransomware activity for the month using the rare ‘Golang’ programming language. This group can encrypt victim devices rapidly and has a playbook that is causing concern. They release victim names in stages to prompt organizations into payment. If payment is not received, they release all the names.

Researchers at Comparitech came up with similar findings. They found 335 publicly reported ransomware attacks in 2022 in the US. But they drew attention to the previous year when double the number of ransomware attacks occurred.

Why the decline in 2022? One reason could be more targeted attacks. Hackers want to catch the biggest fish. They are going after them with more tailored tactics aimed at securing the biggest paydays. Further, in the event of non-payment, they prefer big names and well-known companies where there is a major embarrassment factor when they post the data for sale on the dark web or publish it online. Thus, we have seen ransom demands drop from an average of $5.5 million in 2021 to $4.74 million in 2022 – yet the business sector experienced a surge in ransom demands, from an average of $8.4 million in 2021 to $13.2 million in 2022. Additionally, the average number of records breached in ransomware attacks in the business sector increased from 100,000 in 2021 to almost 900,000 in 2022.

The worldwide pattern largely follows that of the US: 1,365 ransomware attacks in 2021 dropped to 769 in 2022. However, the effectiveness of attacks has risen – again showing the likelihood of more precise targeting. In 2021, 49.8 million records were impacted by ransomware attacks, and that number more than doubled to 115 million in 2022. Major victims include: TransUnion South Africa (54 million records), Russia’s Digital Network Systems (16 million records), Australia-based Optus (9.8 million), Medibank (9.7 million), and AirAsia Group (5 million).

Governmental and educational organizations remained heavily targeted by cybercriminals. Government-based ransomware attacks saw average ransom demands surge from $1.7 million in 2021 to $10.2 million in 2022. Further, the volume of records breached per attack rose from 15,327 to 39,383.

Safeguarding the Enterprise

In the modern world, there is no time to bury one’s head in the sand and hope for the best when it comes to ransomware. Organizations should expect incursion attempts to be made steadily. Therefore, they must be well prepared in advance to prevent, detect, mitigate, and cleanse all systems before major damage occurs. They must ensure that no single unspotted vulnerability or unpatched system exists across their network.

Syxsense Enterprise offers a way to stop breaches with one endpoint security solution. It encompasses:

  • Scanning for vulnerabilities: Prevent cyberattacks by scanning for authorization issues, security implementation, and antivirus status.
  • Device quarantining: Block communication from an infected device to the internet, isolate the endpoint, and kill malicious processes before they spread.
  • Patch Management: With support for all major operating systems, automatically deploy OS and third-party patches as well as Windows 10 Feature Updates.
  • Collaboration: IT and security teams can automatically collaborate in a single console to know and close attack vectors.
  • Mobile Device Management: Control over the devices in your organization to keep your business-critical resources secure on every single endpoint in your network.

For more information, visit: www.Syxsense.com