Ransomware trends 2023: The lowdown on today’s cyber shakedowns
Ransomware is a cybercrime veteran. It’s got decades of devastation under its belt, and has made billions for people of a shady inclination. And it’s the fastest growing form of cyber attack today.
The key to its survival? The ransomware market is endlessly evolving, with new types of ransomware emerging on the regular. Luckily, we’ve got some handy tips to help you make sure your organization doesn’t fall victim.
1. Exfiltration as standard
In the past, ransomware encrypted files before making itself known, offering up the decryption key in exchange for a ransom payment.
Today’s ransomware attackers favor ransomware variants incorporating data exfiltration.
Two benefits for ransomware actors:
If their ransom demand goes unanswered, they have the data and can threaten to leak it unless payment is made.
They can sell your organization’s sensitive data to the highest bidder.
Exfiltration started as an add-on to old-school encryption, but attackers have worked out that it’s quicker and easier just to extract the data without deploying system-stopping malware. And quicker and easier means they can target more organizations.
2. Exploiting the cloud to make it rain
As more operations move to the cloud, cybercriminals are following. And there’s nothing heavenly about this flavor of cyber attack.
Today, more extortion is happening in the cloud than ever before. And cyber threat intelligence suggests cloud-aware ransomware is on the rise.
Yes, the cloud’s decentralized nature offers some protection against ransomware, but ransomware actors know they can get at things like personal data through misconfigurations and unpatched holes.
3. Keeping it fresh via unexpected vectors
It’s a no-brainer: The more devastating the threat, the higher the chances a victim will pay up.
Securing the many more obvious devices, such as the humble laptop, is important, true. But everyday devices are likely to be covered by regular backups and patches, plus they’ll be relatively easy to rebuild during ransomware recovery, if it comes to that.
That’s why criminals like to spice it up when they can. If they can hit a more unusual target (programmable logic controllers, to name just one example), backup restoration and rebuild will be much more painful.
Older versions of mainframes are at risk of ransomware infection too, and yet plenty of organizations rely on these to keep their business-critical systems up and running.
More and more ransomware groups are cottoning on to these weaknesses. This means that, to fend off a ransomware infection in 2023, you can’t afford to overlook even the most niche opportunity for attacks.
4. All about that #productivity
Who’d want to spend more time and money than they had to? Not you, not us, and not ransomware attackers.
So, the more they can automate ransomware attacks, the more they can get done, the fewer errors they’ll make, and the fuller their pockets will be.
Take, for instance, LockBit ransomware, that well-known piece of malicious software that locks user access to systems. It’s notorious because it’s super fast, self-propagating, automated, and can multitask, carrying out various stages of the cyber kill chain simultaneously.
And, it’s ransomware as a service (RaaS), meaning it can be bought or rented. Which brings ransomware within easier reach of even more bad guys. (#equality #crimeiscrime)
The TLDR of this? More criminals are doing more with less. So cybersecurity teams will be responsible for fending off more ransomware attacks than ever before.
Cybersecurity teams who play cybercriminals at their own automation game will be in the best position going forward. AI and machine learning will be pivotal. But read on for our take on what’s absolutely crucial besides that.
Heard of double extortion?
Yes, you probably have. But for the uninitiated, it’s basically another very good reason to defend against ransomware instead of getting stung and having to pay to get it dealt with.
With double extortion, ransomware actors steal data before their malware strain activates its encryption routine. So they can then demand a ransom twice . . . double extortion.
The first ransom buys a decryption utility, while the second buys verbal confirmation that the attackers have deleted the stolen data from their servers.
Supply chain ransomware attacks
A supply chain ransomware attack is where the network in question gets broken into through weaknesses in the computer systems of the victim’s supply chain partners. So you may be cybersecuritied up to the max, but if everyone you deal with isn’t, those pesky attacks can (and will) still get to you, joyously.
Similarly, if ransomware attackers infiltrate your network, they can also use you as the linchpin to get to the networks of everyone you deal with, as a bonus.
An unfortunate (and quite well documented) example of this was Kaseya VSA. In the Kaseya attack of 2021, a whole network of managed service providers (MSPs) . . . and not forgetting their customers . . . became victims of a ransomware attack.
The REvil group was found to be responsible, and it was fairly devastating for all involved. It caused widespread downtime for over 1,000 companies. And that right there is an example of a supply chain ransomware attack in all its glory (or inglory).
Meanwhile, legislation limbers up
National agencies have been keeping a watch on cyber attacks for as long as the attacks have been happening. And with high-profile, global, epidemic-style attacks like WannaCry comes more public pressure for the powers that be to do something.
The UK’s cyber agency calls ransomware the biggest cyber threat facing the nation. A host of agencies are dedicated to gathering ransomware incident intelligence and offering advice.
And that’s absolutely as it should be. Bodies like the Internet Crime Complaint Center in the US, or The National Cyber Security Centre in the UK, are essential.
Across the pond, ransomware has long held the attention of the Secret Service, law enforcement, and Homeland Security. Cybersecurity legislation, however, remains scant.
Government movements are notoriously slow. But could 2023 be where it starts? We hope so.
That’s because during 2022, ransomware attacks rained down on critical infrastructure sectors. 1 in every 2 successful ransomware attacks was on vital infrastructure like education, healthcare, and the government itself.
The more attacks continue to deliver widespread operational disruption and data protection disasters, the more inevitable it seems that nation states will start throwing their weight around.
So, what exactly does a strong ransomware protection strategy look like in 2023 and beyond?
Listen, there’s no simple fix. Tiring though it is, keeping on your toes and throwing everything at it is necessary. We’re talking patching regularly, harnessing AI, robust security software, and keeping your many layers of defense in solid shape.
And, in case the worst happens, a comprehensive ransomware incident response plan can help you pick up the pieces.
But to maximize your ability to prevent ransomware attacks, you need evidence-based defense against the social engineering strategies that cybercriminals use to get users to click the link in that all-too-convincing phishing email.
That’s exactly why a behavioral-science-based approach is important.
Working with human nature isn’t always a doddle. But it’s possible to measure, analyze, and influence your organization’s human risk factor. And it means you can make a real difference to your chances of falling victim to a ransomware attack.
People are central to ransomware’s long-term survival, but they’re also central to any strong cyber defense strategy.
Our hope for 2023 is that organizations put that truth to work.
And some good news! If you’ve read this far, you’ve taken the first step.
Ready to take action and get on top of the ransomware threat?