
A GROWING MENACE: INDUSTRY PROS ANALYSE RANSOMWARE TRENDS AND THEIR IMPACT ON BUSINESSES

There was a dramatic surge in ransomware attacks in 2022, and ransomware is estimated to have accounted for 20 percent of all cybercrimes last year. According to IBM’s recent data breach report, the average cost of a ransomware breach was $4.54 million in 2022, and industry experts believe it will continue to be the top threat vector this year as well.

What are the top ransomware trends to watch in 2023?


“Many of the ransomware trends seen in 2022 will continue through 2023 – including the dominance of ransomware-as-a-service offerings, supply chain attacks and double extortion,” says Charles Smith, Consultant Solution Engineer, Data Protection, Barracuda. “There is a government-level debate taking place in some countries about whether making the payment of ransoms illegal will help to disrupt the criminal business model or just drive payments underground. National and international law enforcement efforts to bring down alleged gangs look set to continue.”

“However, one thing that deserves greater emphasis – it’s been covered in a few research reports over the years and is worryingly clear from our own latest research – is the risk of repeat attacks. We found that 38% of the organisations surveyed had fallen victim to two or more ransomware attacks in 2022,” he says.

Sophos noted in its annual threat report that ransomware was still one of the most pervasive cybercrime threats to organisations, and that ransomware operators are continuously evolving their tactics, techniques, and procedures in order to avoid detection.

“Over the past year, for example, we saw groups targeting Linux in addition to Windows, adopting new languages like Rust and Go to avoid detection, and developing new ways to extort their victims, such as offering a ‘subscription model’ for leaked data,” says Christopher Budd, Senior Manager, Threat Research at Sophos.

Ram Narayanan, Country Manager at Check Point Software Technologies, Middle East, says ransomware attacks have become a central cyber threat and pose a disruptive factor globally to organisations, corporates and even governments. “Ransomware was the leading threat to organisations in the first half of 2022 and as we look ahead to 2023, that trend shows no signs of slowing down. The ransomware ecosystem will continue to evolve and grow with smaller, more agile criminal groups forming to evade law enforcement.”

Narayanan says as ransomware groups continue to see success, it’s likely that we’ll begin to see more groups and more organised cyber crime, hacktivism and cyber warfare. We’re already seeing firms being attacked multiple times, so just because a company has suffered once doesn’t mean that it’s immune to another attack, unless it pivots to a prevent-first cyber security strategy. Globally, ransomware attacks are due to spike in 2023. While some industries have invested heavily in ransomware prevention, detection and mitigation tools, other industries have barely begun to make a stand.

Ram Vaidyanathan, IT security evangelist, ManageEngine, says one of the top ransomware trends to watch out for this year is AI-powered ransomware attacks. AI is increasingly being used for cyberattacks, and ransomware is no exception. Attackers can use AI at every stage of a ransomware attack, from initial entry to extortion.

He says ransomware attacks have entered the cloud environment. The increase in adoption of cloud computing has led to a rise in the number of vulnerabilities in cloud service providers (CSP) for ransomware attackers to exploit.

What are some of the top active ransomware gangs to watch in 2023?

Because of the ransomware-as-a-service model, this is something that’s constantly evolving. Groups are created, they disband or have their operations disrupted, and then remnants of these disbanded groups create new ones.

“In our threat report, we provided data on the most frequently encountered ransomware groups by our Rapid Response team in the first ten months of 2022. Lockbit was the one encountered most frequently, followed by BlackCat and Phobos (an older group that typically takes advantage of compromised remote desktop connections). Lockbit is a group that has received a lot of media attention recently after some high-profile attacks, and we can say that they definitely have somewhat ‘led the pack’ in terms of creating new ways to extort victims,” says Budd from Sophos.

Narayanan from Check Point picks Conti and BlackBasta as top active ransomware gangs in 2022 that may continue to pose a threat in 2023. Conti is a relatively new ransomware group that emerged in 2020 and quickly gained notoriety for their successful attacks on several high-profile targets, including Ireland’s health service. They are known for using double-extortion tactics, where they not only encrypt victims’ data but also threaten to release it publicly if the ransom is not paid.

BlackBasta is believed to have been developed by a group of Arabic-speaking hackers and is known for its targeted attacks on large organisations, particularly in the energy sector. The group behind BlackBasta is known for its use of a sophisticated malware loader to evade detection and for its use of a custom encryption algorithm. The group has been active since at least 2019.

Smith from Barracuda says this is a difficult one to answer. First, the landscape is changing all the time, with attack groups coming together, splitting apart, rebranding, apparently leaving the landscape, being taken down, and more. Some of this is because ransomware gangs don’t really want to attract too much attention as this will put them on the radar of law enforcement.

Second, many ransomware operations are now available as-a-service (RaaS), and this means that different groups of attackers could potentially use different ransomware offerings to launch attacks. Attack kits can be purchased on the dark web so the actual attacker could be just about anyone, while the more established gangs are paid for the use of the kit or a proportion of the proceeds.

“What’s important is building effective defenses against any and all ransomware and keeping track of how overall attack behaviors, tools and techniques are evolving,” he sums up.
