Ransomware attacks continue to grow in sophistication and effectiveness. The reported incidents in 2022 were much more damaging and costly to address than ever before. According to IBM’s data breach report for 2022, the share of breaches caused by ransomware increased by 41% over the previous year and took nearly 50 days longer to diagnose and remediate than the average cyberattack.
Many of these attacks targeted major companies that should have had substantial cybersecurity systems in place, including Macmillan Publishing, Yum! Brands, and Entrust. In a worst-case scenario, a ransomware attack can even cause an organization to shut down, as happened to Lincoln College following an incident that paralyzed its submission systems.
As ransomware attackers continue to develop innovative strategies to target vulnerable organizations, it’s more important than ever for businesses to invest in their cybersecurity measures and work closely with capable managed security services providers (MSSPs).
An Evolution of Ransomware
Traditional ransomware attacks utilize malware to encrypt data stored within a system and then force victims to pay a ransom to unlock the data. In many instances, the attackers will threaten to erase the data if there is any attempt to remove or bypass the malware. These payments are typically demanded in cryptocurrency, with Bitcoin making up a whopping 98% of ransomware payments in Q1 of 2019.
But where attackers were once content with locking down access to data, they are now expanding their ambition to extract greater payouts from their victims. Many strategies now involve a tactic known as data exfiltration, which involves exporting data from an organization’s system and threatening to leak it publicly if a ransom payment isn’t delivered. The most sophisticated attackers employ a double extortion tactic, which both encrypts data and exfiltrates it to an outside system. This gives them the ability to extract even greater payouts from their unfortunate victims.
5 Ransomware Trends to Watch in 2023
Cybersecurity experts have identified several important ransomware trends to watch throughout the course of 2023. Understanding the shifting nature of these attacks and how to address them is essential to preventing data breaches and keeping mission-critical applications secure.
1. Increased Focus on Leaking Stolen Data
The threat of data exfiltration tactics makes data breaches much more costly and potentially damaging than ever before. In both the Medibank and Los Angeles Unified School District attacks, huge troves of personally identifiable and confidential data were dumped online after the targeted organizations refused to pay the ransom. Given the obvious liability risks of these data breaches, exfiltration and double extortion strategies provide attackers with an additional threat to hold over the heads of their targets.
2. Increased Availability of Ransomware Tools
As ransomware attacks become more sophisticated, the need for technical resources and expertise has grown. To address this gap in knowledge, attackers are increasingly utilizing ransomware-as-a-service (RaaS) platforms that allow users to purchase ready-made ransomware tools with varying levels of customization options. This has made it much easier for less-experienced hackers to launch successful ransomware attacks. The increased ease of launching such attacks is a worrying trend and suggests that ransomware will continue to be an effective tool for cybercriminals in 2023.
3. Purchasing Stolen Credentials
Initial access brokers (IABs) are becoming an increasingly popular resource for ransomware attackers. These brokers sell credentials obtained from phishing campaigns and social engineering tactics, making it easier for hackers to gain access to compromised systems. Organizations that have not implemented multi-factor authentication safeguards (or have employees experiencing “MFA fatigue”) are especially vulnerable to this trend, which grew substantially in 2022. The use of stolen credentials eliminates the need to bypass cybersecurity systems and provides bad actors with a fast and cheap way to launch an attack. Since hackers don’t have to worry about penetrating defenses, they can instead focus their efforts on developing more sophisticated ransomware attacks.
4. New Ransomware Strategies
Thanks in large part to the thriving RaaS model, new strains of ransomware are constantly being developed that are difficult to detect and remove. Some of the more troublesome innovations in ransomware expand the scope of attacks and use strategies that help them elude detection until it’s too late. With each passing year, attacks also continue to get faster. A 2022 comparative study of ransomware binaries found that the median ransomware takes about 43 minutes to encrypt nearly 54 gigabytes of data, with some strains (such as the infamous LockBit ransomware, which struck the UK’s Royal Mail in February 2023) capable of encrypting almost 25,000 files each minute.
Auto backup deletion is a new malware feature that allows attackers to either encrypt or delete backup files automatically, making it much more difficult to restore data following an incident. Another recent development is the use of slow or intermittent encryption attacks, which stealthily mimic software behavior by only accessing and encrypting portions of a file over time to render it unusable.
Examples of New Ransomware Strategies
Faster encryption algorithms
Auto backup deletion
Mimicking software behavior
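A defender-side illustration of why the slow or intermittent encryption described above can slip past a whole-file check, added here as an example (not code from the original article): it scores a file block by block for byte entropy instead of averaging over the entire file. The 4096-byte block size, the 7.5 bits-per-byte threshold, and the sample data are assumptions constructed for the demonstration.

```python
import hashlib
import math
from collections import Counter

CHUNK = 4096   # assumed analysis block size in bytes
HIGH = 7.5     # assumed bits-per-byte threshold for "looks encrypted"

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def assess(data: bytes, chunk: int = CHUNK) -> dict:
    """Compare the whole-file score with a per-block profile."""
    profile = [entropy(data[i:i + chunk]) for i in range(0, len(data), chunk)]
    high = [i for i, h in enumerate(profile) if h >= HIGH]
    whole = entropy(data)
    return {
        "whole_file_entropy": round(whole, 2),
        "whole_file_flag": whole >= HIGH,
        "high_blocks": high,
        # Some blocks look random while others do not: partial encryption pattern.
        "partial_flag": 0 < len(high) < len(profile),
    }

def filler(n: int, seed: bytes) -> bytes:
    """Constructed stand-in for ciphertext: SHA-256 output in counter mode."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:n])

def make_sample(blocks: int = 16, every: int = 4) -> bytes:
    """Constructed test file: plain text with every Nth block replaced."""
    text = (b"Quarterly report: revenue, cost and headcount by region.\n" * 100)[:CHUNK]
    return b"".join(
        filler(CHUNK, bytes([i])) if i % every == 0 else text
        for i in range(blocks)
    )

if __name__ == "__main__":
    print(assess(make_sample()))
```

Files that legitimately embed compressed content (office documents, PDFs with images) also produce mixed profiles, so the partial flag is a signal to correlate with other telemetry rather than a verdict on its own.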
5. Emphasis on Known Vulnerabilities
The continued proliferation of ransomware has led to a greater emphasis on unpatched vulnerabilities and insecure systems. Attackers frequently leverage known security flaws to gain access to target networks and remain undetected while they conduct their activities. In addition, many ransomware families have been designed specifically with the intention of exploiting existing vulnerabilities to spread laterally from one system to another. To make matters worse, many attackers have been known to contact the targeted organization before an attack and inform them of vulnerable systems to increase the chances of a payment being made without having to execute the actual attack.
Unfortunately, many organizations do not perform regular updates or implement patches to eliminate known vulnerabilities. A 2023 study found that 12% of servers running the VMware ESXi hypervisor have not been patched to eliminate a two-year-old vulnerability frequently targeted by the “ESXiArgs” ransomware. In 2021, ransomware attackers exploited a pair of decade-old vulnerabilities in Adobe’s ColdFusion software, which the company sunset in 2016. Keeping systems up to date with the latest versions of actively supported software is critical to protecting data from ransomware attacks.
Working with an MSSP helps keep your data and systems safe
The right mix of people, process, and technology is essential for successfully thwarting ransomware attacks. Working with a managed security service provider (MSSP) can help keep your data and systems safe by implementing a multilayered approach that combines ransomware prevention, detection, active monitoring, and remediation strategies. Experienced MSSPs also have the expertise and resources to advise you on making informed decisions about your security posture and policies. With the right partner, organizations can be confident that their data is safe from malicious actors.
Concertium is a managed cybersecurity provider with more than 25 years of experience helping private, government, and public sector organizations manage and protect their critical infrastructure. Unlike many security providers, our expertise goes far beyond prevention and detection practices, allowing us to effectively investigate and remediate incidents when they occur. We work closely with your team and other cybersecurity vendors to provide your organization with end-to-end protection from ransomware and other cyberthreats.
To learn more about how we can help keep your data and systems secure, contact our team today for a free consultation.