Ransomware has been a threat to businesses since the 1980s In the last few years, however, ransomware attacks have become part of the daily threat landscape: in 2021, the number of ransomware attacks worldwide peaked at 105% of the previous year's total And in 2023, the situation is even worse
Leading cybersecurity firms such as the US Cybersecurity Infrastructure Security Administration and the National Cyber Security Center in the UK have already sent warnings about the threat
For more information on mitigations and what to do, read our guide on what to do if you are infected with ransomware
This year, 2023, ransomware attacks are up 9541% compared to 2022 and show no signs of slowing down Ransomware victims have already exceeded 3,311 this year, and is expected to be the first year to post 4,000 ransomware attacks on leaked sites
Cyber insurance specialist Corvus reported a surge in the third quarter, with 1,278 victims identified by ransomware leak sites, up 1122% from the second quarter
Law firms (up 70%), oil and gas (up 142%), and municipalities (up 95%) are the most targeted industries Manufacturing is another popular target (+60%) Hotels, telecommunications, retail, transportation, real estate, warehousing, and logistics all recorded double-digit growth in 2023
According to data from crypto-tracking firm Chinalysis, victims have already paid $4491 million to ransomware groups in the first six months of 2023 This figure has not reached $500 million for the full year of 2022
According to the company's data, if this surge in payments continues, the total could reach $8986 million by the end of this year, making 2023 the second largest year for ransomware revenue after the $9399 million in 2021
According to recent studies, well-known ransomware gangs such as LockBit have introduced variants designed to infect Apple macOS devices Meanwhile, ransomware provider Cyclops has designed ransomware that infects major OS systems including Linux, Windows, and MacOS There is also Cactus, which is designed to exploit vulnerabilities in the VPNs used to gain access to the system's network
In the second quarter of 2023, two new ransomware programs emerged, MoneyMessage and 8Base
8Base was launched in March 2022, but its activity increased markedly in June 2023 It uses customized Phobos ransomware to encrypt files and steal data, which is available on the black market as RaaS; MoneyMessage is similar in that it uses a dual extortion model and was discovered in March 2023
The latest ransomware statistics reveal that phishing is the most common method used to deliver ransomware In a recent survey of nearly 1,400 organizations, 75% experienced ransomware attacks, indicating that ransomware continues to be prevalent
It is worth noting that in most cases, phishing is not about stealing data, but about obtaining login credentials Hackers use these credentials to gain access to internal networks from which they deliver ransomware
Phishing is also used to deliver REVIL ransomware; the REvil group was involved in about 37% of ransomware attacks in 2021 It was launched in 2019 and operated for 31 months as a ransomware-for-service provider, providing software to criminals on a subscription basis It was one of the longest-running ransomware groups, eventually shutting down in 2021
A recent study by Palo Alto Networks Unit 42 found that on average, 70% of ransomware attacks involved data theft in 2022, while in mid-2021, data theft only occurred on average about 40% of the time Furthermore, a study conducted by Cisco Talos shows a 25% increase in data theft extortion in the second quarter of 2023
All of these studies are indications that data theft and multiple forms of extortion are on the rise In such attacks, fraudsters blackmail organizations to pay a ransom or else their data will be exfiltrated
Hawaii Community College recently paid money to a ransomware group to prevent the exfiltration of sensitive data After paying the ransom, the entries were removed, but there is no guarantee that this group will not target or exfiltrate data again in the future
Ransomware attacks are becoming increasingly prevalent and affecting almost every business This is due to the expansion of existing affiliate schemes, the growth of new scammers, and the pursuit by scammers of increased revenues
RaaS schemes have facilitated access to ransomware operations, exposing small and medium-sized businesses to the same risks as large corporations In conclusion, it is super important to implement proactive measures and take immediate action to mitigate the risk of ransomware and related data theft
Comments