- Ransomware attacks are on the rise globally, affecting businesses and individuals alike.
- Ransomware tactics are evolving, with attackers favoring supply chain attacks and triple extortion tactics.
- Malicious actors are leveraging advanced tech like AI for crafting ransomware. Weak mobile device security and the 5G rollout pose significant threats.
Ransomware attacks has increased by 68% in 2023, according to the latest findings by Malwarebytes. From the rise of supply chain attacks to the proliferation of triple extortion tactics, the tactics of ransomware actors are evolving.
Are ransomware attacks increasing?
According to 2024 ThreatDown State of Malware report by Malwarebytes, a global player in real-time cyber protection, ransomware attacks increased by 68% in 2023, reaching a record level of 4,475 attacks.
“Small and medium-sized organisations face a deluge of cyber threats daily including ransomware, malware and phishing attacks. This new data spotlights the pervasive cat-and-mouse game between cybercriminals and the security and IT teams on the front lines,” said Mark Stockley, Cybersecurity Evangelist, Malwarebytes ThreatDown Labs.
According to the Verizon 2023 Data Breach Investigations Report (DBIR), ransomware attacks were involved in 24% of all breaches.
Ransomware affected 66% of organisations in 2023, according to Sophos’ The State of Ransomware 2023 report.
Since 2020, there have been more than 130 different ransomware strains detected, according to VirusTotal’s “Ransomware in a Global Context” report. The GandCrab ransomware family was the most prevalent, comprising 78.5% of all samples received. Ninety-five percent of all the ransomware samples were Windows-based executable files or dynamic link libraries.
Also read: FBI Alerts on Escalating Threat of Dual Ransomware Attacks
Trends in ransomware attacks
Instead of targeting individual victims, ransomware actors are increasingly opting for supply chain attacks, amplifying the scale of impact. Notable instances include exploits in software products like Moveit Transfer from Progress software, resulting in widespread ransomware incidents by groups like Clop. Other examples include the Kaseya attack, affecting numerous managed service provider customers, and the SolarWinds hack.
Traditionally, ransomware involved encrypting data and demanding a ransom for decryption. However, with the emergence of double extortion, where attackers also exfiltrate data, triple extortion has become prevalent. Threat actors, such as Vice Society, have leveraged triple extortion tactics, as seen in attacks against entities like the San Francisco Bay Area Rapid Transit system.
The era of bespoke ransomware coding for each attack is fading. Ransomware as a service (RaaS) offers a pay-for-use model, enabling attackers to access ransomware code and operational infrastructure through a platform, streamlining the execution of ransomware campaigns.
Targeting unpatched systems remains a significant issue. While some ransomware attacks exploit novel zero-day vulnerabilities, the majority capitalise on known vulnerabilities present in unpatched systems.
Phishing emails continue to be a common entry point for ransomware attacks. With advancements in generative AI, attackers can craft sophisticated phishing lures more easily, enhancing the efficacy of their campaigns.
Also read: World’s largest bank hit by LockBit ransomware gang linked to Boeing, Ion attacks
Future threats
Malicious actors are already leveraging AI-powered language models like ChatGPT to craft code, potentially escalating the frequency of attacks. Generative AI facilitates the creation of new ransomware strains, amplifying the threat. Voice simulation software, generated using AI, has been used in scams, including one where a CEO of a British energy provider transferred $250,000 after receiving a call from what appeared to be the parent company’s head. Deepfake video technology, available for phishing frauds, further compounds the risk.
Weak security practices and the intermingling of personal and corporate data on mobile devices make them lucrative targets for cybercriminals. The pandemic-driven shift towards remote access via private devices, often lacking multi-factor authentication, has led to successful cyberattacks and substantial insurance claims. Criminals are deploying specific malware to target mobile devices, capitalising on their lax security measures. The rollout of 5G technology poses additional concerns, given its potential to power a myriad of connected devices, including those with poor cybersecurity records.
The burgeoning shortage of cybersecurity professionals poses significant challenges, with demand far exceeding supply. Gartner predicts that a lack of talent or human error will contribute to over half of significant cyber incidents by 2025. The scarcity of skilled personnel makes it harder to predict and prevent cyber incidents, leading to potentially higher losses. Early detection and response capabilities are paramount in mitigating cyber threats. While IT security budgets are primarily allocated towards prevention, prioritising detection and response can significantly reduce the impact of incidents, preventing potential costs from ballooning.
