Ransomware Attacks Double: Is Your Business Prepared for 2024's Cyber Threats?

 

Ransomware attacks have only increased in sophistication and capacity over the past year. From constant innovations in technology, ransomware groups have adapted their tactics to effectively bypass common defense strategies. Threat intelligence company Cyble has reported increased instances of vulnerabilities being used as a vector to deliver ransomware and other malware in recent months, with a particular emphasis on networking devices.

Here are several trends in the ransomware space that are worth keeping an eye on:

Sectoral Focus Shift – Healthcare Industry

Healthcare is now one of the top 5 most targeted sectors by ransomware groups, accounting for nearly a quarter of all ransomware attacks. The Healthcare sector is particularly vulnerable to ransomware attacks as it has access Protected Health Information (PHI) and an extremely large attack surface spanning several websites, portals, billions of IoT medical devices, and a large network of supply chain partners and vendors.

High-income Organizations Remain a Focus

Ransomware operators prefer to target high-income organizations who have the means to pay exorbitant ransoms and a greater responsibility to retaining their reputation as a reputed firm. Along with healthcare, the most targeted sectors in the previous quarter were professional services, IT & ITES, and construction due to their high net worth and expanded attack surfaces.

The United States is Still the Most Targeted Country

In Q3 of 2023 alone, the United States faced more ransomware attacks than the next 10 countries combined. This could be the US's unique role in being a highly digitized nation with a massive amount of global engagement and outreach. Due to geopolitical factors, the United States is also a prime target for hacktivist groups due to perceived social injustice or to protest foreign and domestic policies.

LOCKBIT & Newer Ransomware Groups Continue to Pose Threats

LOCKBIT, the Ransomware-as-a-Service (RaaS) software, had fewer total attacks than the previous quarter but they still targeted the highest number of victims, with 240 confirmed victims in Q3 of 2023.

Newer players on the ransomware scene have not been idle, however. There has been a surge in attacks from newer groups such as Cactus, INC Ransom, Metaencryptor, ThreeAM, Knight Ransomware, Cyclop Group, and MedusaLocker. Despite not having the same profile and global presence as major players like LOCKBIT, these groups are also potent threats.

Increasing Adoption of Rust and GoLang in Newer Ransomware Variants

Ransomware groups have always tried to make it difficult for victims, cybersecurity experts, and governments to study the ransomware, its infection vector, and mode of operation. Rust and GoLang are growing in popularity amongst high-profile ransomware groups such as Hive, Agenda, Luna, and RansomExx. Programming languages like Rust make it both harder to analyze the ransomware's activity on a victim’s system and easier to customize to target multiple operating systems, increasing the damage and target base.

How have Organizations reacted to these Developments?

Every news cycle seems to contain at least one incidence of a high-profile organization or industry leader falling victim to ransomware at some point. Government and regulatory bodies worldwide have rolled out their own measures to mitigate the impact and incidence of ransomware attacks. Firms will have to take matters into their own hands by implementing practices to prevent risk and mitigate the impact of ransomware attacks. Some primary recommendations are:

Emphasis on Employee Training

An organization's workforce is the first line of defense against any attack, and ransomware is no exception. Firms are stepping up their cybersecurity training and awareness programs, rolling out mandatory cybersecurity training sessions and fostering a culture of cyber-awareness. Examples include training on identifying phishing attempts, handling suspicious attachments, and identifying social engineering attempts.

Incident Response Planning

Despite extensive efforts in prevention, ransomware attacks can still occur due to a plethora of factors. Organizations have accounted for this and increased their focus on developing a comprehensive response to such incidents. These include legal protocols to notify authorities, internal security next steps, infosec team responses, and quarantining any affected systems/products.

Enhanced Recovery and Backups

Ransomware attacks aim to gain access to sensitive data and encrypt this data to render it unusable to the target organizations. To address this risk, organizations have started placing a greater focus on backing up sensitive data and creating comprehensive recovery processes for the same.

Implementation of Zero-Trust Architecture and Multi-Factor Authentication

Ransomware groups have previously exploited the human element to enable or enhance ransomware attacks via Initial Access Brokers, phishing attacks, etc. As a response, firms have implemented Zero-Trust Architecture and MFA across all critical platforms and data, requiring multiple verified levels of authentication to grant access to sensitive data.

Intelligence sharing and collaboration with Law Enforcement

Organizations in the same industries have created Information Sharing and Analysis Centers (ISACs) to help pool their resources and intel to help combat future ransomware attempts. They are also working closely with law enforcement and regulatory bodies to report ransomware attempts and help diagnose security shortcomings.

Securing supply chains and vendor risk management

It is common for ransomware groups to target an organization’s supply chain via vendors, partners, and third parties who may not be as cybersecure. Organizations have accordingly rolled out vendor risk assessments to ensure that their entire supply chain is airtight and uniformly protected against potential ransomware attempts.

Organizations should confirm that the software and products they use are up to date, and implement cyber-awareness strategies to ensure that potentially exploitable vulnerabilities are identified and secured against on a priority basis.

Don't leave your business vulnerable to the rising threat of ransomware attacks!

Take action now to fortify your defenses and safeguard your valuable assets. Contact us today to stay one step ahead of cyber threats for a secure and resilient business environment.

 

Related Blogs

ransomware, cybercrimeEd Fung