Ransomware was one of the most deployed forms of malicious cyber-attacks in 2022 and cyber security experts are warning that 2023 is expected to get much worse.  The average cost of a ransomware attack in 2021 was $1.85 million, up from $283,000 in 2020 and $141,000 in 2019.  The global cost of ransomware attacks is expected to increase from $20 billion in 2021 to $265 billion by 2031. According to the International Data Corporation, 33% of organizations globally have been victims of ransomware, with the number of attacks increasing 62% year-over-year.

The National Health Service suffered a $100 million dollar loss as a result of being infected with ransomware called WannaCry.    According to Verizon’s 2022 data breach report, ransomware attacks saw an increase of 13% in the past 5 years alone.

What makes ransomware so attractive as a tool for cyber extortion has become a quickly growing, widespread, and sophisticated network of support and software providers, who have turned the cyber-criminal enterprise into a quasi-legitimate business model for hackers and cyber extortionists.  Organizations form around providing and supporting their own set of malicious tools such as ransomware and then act as a support service for individuals or other cyber-crime rings who employ those tools around the world.

This kind of free development of these enterprises is contributing to Ransomware becoming more targeted and sophisticated as we look forward in 2023.  The most trouble trends including ransomware variants including double extortion and automatic attacks on back repositories.

Double Extortion – In a double extortion ransomware attack, a cyber-criminal steals compromised data simultaneously so they can extort the victim twice- once to recover their data, and another time to prevent its release or sale to the public.  Companies who have patents or who have developed specialized industry methods are especially susceptible to these forms of attack variants.

Supply Chain Attacks A supply chain ransomware attack is one in which an attacker breaks into the victim’s network by taking advantage of vulnerabilities in the computer systems of the company’s supply chain partners.  By compromising one company, the criminals can gain access from that hub to the firm’s partners via network connections and integrations.

Ransomware-as-a-Service

Ransomware as a Service is a pay-for-use malware.  It enables an individual with very limited technical knowledge to use a platform that provides the necessary ransomware code and operational infrastructure to launch and maintain a ransomware campaign.  An attacker can simply log into an online portal, create an account, pay through cryptocurrencies like Bitcoin, select the ransomware to deploy, and submit the attack.  The most sophisticated RaaS operators even offer customer support portals to allow their subscribers to see the status of infections, total payments, total files encrypted, and other information about their victims.

These forms of RaaS providers have allowed for ransomware to become more rampant than ever before.  Furthermore, the types of ransomware these platforms deploy include other abilities, such as Auto Backup Deletion and Slow Encryption.

Auto Backup Deletion – A common misconception with ransomware attacks is that you can simply restore everything from backups.  While this may have been an option in the past, attackers are now encrypting or deleting backups automatically as part of their attack.  Backups are great for restoring data, but will not mitigate the damage of stolen information getting out.

Slow Encryption – A new type of attack we are starting to see in the market is a slow encryption attack.  This technique is being utilized to mimic user behavior and evade many of the triggers which would report and stop an attack, and have started to show some success.  This type of attack has also been seen in conjunction with other types of attacks (double extortion, supply chain, etc.).

With so many new forms of cybercrime and ransomware present online, it’s more important now than ever to have a Technology and Cyber Security partner who you can rely on to help you protect your companies data, computers, and technology.  Working with a Managed Services Provider like Natural Networks can help enable you to have the tools and readiness to defend from attacks like ransomware, and protect your data.