LockBit ransomware attackers have escalated their tactics by reaching out to the victims’ customers and launching distributed denial-of-service (DDoS) attacks, according to a report by cybersecurity firm Akamai. This triple extortion strategy puts additional pressure on the victims to comply with the attackers’ demands.
Ransomware groups have been increasingly focused on exfiltrating files as a means of extortion. Recent attacks on GoAnywhere and MOVEit have highlighted this trend. Attackers aim to maximize their damage while minimizing their efforts, using various tactics to intimidate victims into paying the ransom. The report emphasizes that relying solely on file backup solutions is no longer sufficient to protect against these attacks.
Furthermore, the report reveals that organizations hit by ransomware are at a higher risk of subsequent attacks. Victims attacked by multiple ransomware groups are nearly six times more likely to experience another attack within the first three months. While organizations are busy recovering from the initial attack, other ransomware groups, scanning for potential targets, can take advantage of this vulnerable window to strike. This suggests that organizations must be vigilant and strengthen their cybersecurity measures even after paying the ransom.
Paying the ransom does not guarantee the safety of the organization either. In fact, it increases the likelihood of being targeted again by the same group or multiple groups. If the victim organization fails to address the vulnerabilities that allowed the initial breach, it is likely to be targeted again. Additionally, complying with ransom demands may mark the victim as a potential target for both the original group and others.
The size and revenue of organizations also play a role in ransomware attack trends. Contrary to the assumption that larger enterprises with higher revenue are primary targets, Akamai’s analysis shows that smaller organizations are more at risk. Businesses with reported revenues of up to $50 million accounted for 65% of total victims, while organizations with revenues above $500 million accounted for just 12%. The report suggests that smaller companies are more vulnerable due to their easier-to-infiltrate environments and limited security resources. Additionally, these companies may be more inclined to pay the ransom to minimize disruption and potential revenue loss.
Overall, the report highlights the evolving tactics of ransomware groups and the need for organizations to adapt their cybersecurity strategies. The inclusion of DDoS attacks and the focus on exfiltrating files demonstrate the increasing sophistication of these attacks. Organizations of all sizes must prioritize robust security measures, regular vulnerability assessments, and timely remediation to effectively defend against ransomware threats.
