Akamai Technologies, Inc., a leading cloud company, has released a new State of the Internet report that highlights the increasing threat of ransomware. The report, titled “Ransomware on the Move: Exploitation Techniques and the Active Pursuit of Zero-Days,” reveals that the use of Zero-Day and One-Day vulnerabilities has led to a staggering 143% increase in the number of ransomware victims between Q1 2022 and Q1 2023. Additionally, the report emphasizes that ransomware groups are now primarily targeting the exfiltration of files, making file backup solutions no longer sufficient for protection.
One significant finding of the report is the evolution of adversary methods and techniques. Adversaries have shifted their focus from traditional phishing tactics to vulnerability abuse. LockBit is identified as the dominant ransomware group, accounting for 39% of total victims between Q4 2021 and Q2 2023. Furthermore, the CL0P ransomware group is aggressively developing Zero-Day vulnerabilities and has seen a 9x increase in victims year over year.
The report also highlights the impact of ransomware attacks on specific industries. Manufacturing experienced a 42% increase in total victims between Q4 2021 and Q4 2022, posing a potential threat to global supply chains. LockBit was responsible for 41% of attacks on the manufacturing sector. The healthcare industry saw a 39% increase in victims during the same period, with the ALPHV (also known as BlackCat) and LockBit ransomware groups targeting this sector.
Other key findings from the report include:
1. Organizations with reported revenue of up to $50 million were the most targeted, accounting for 65% of victims. Organizations with revenue above $500 million made up 12% of total victims.
2. Victims of multiple ransomware attacks were over 6 times more likely to experience a second attack within three months of the initial breach.
3. Financial services organizations witnessed a 50% increase in the number of impacted organizations year over year, while the retail sector ranked third in terms of ransomware victims per industry, with a 9% increase.
Pavel Gurvich, Senior Vice President and General Manager of Enterprise Security at Akamai, emphasized the critical need for organizations to understand the techniques and tools used by adversaries in order to protect their critical assets, maintain brand trust, and ensure business continuity.
To further support the security community, Akamai provides access to its threat researchers through the Akamai Security Hub. The company also encourages engagement and learning from the team via their Twitter handle, @Akamai_Research. Additionally, Akamai will be present at the BlackHat conference in Las Vegas at booth #2420.
The report’s methodology involved collecting ransomware data from approximately 90 different ransomware groups through leak sites. The data included details such as timestamps, victims’ names, and victim domains. The focus was on analyzing the number of unique victims within each group and correlating this data with additional information obtained from ZoomInfo, such as location, revenue range, and industry. The research data spanned a 20-month period from October 1, 2021, to May 31, 2023.
Akamai Technologies is a global leader in powering and protecting digital experiences. Their Connected Cloud platform provides edge and cloud solutions that enhance user experiences and mitigate security threats. For more information about Akamai’s offerings, visit their website at akamai.com or follow them on Twitter and LinkedIn.
In an increasingly connected world, the threat of ransomware continues to grow. Organizations must remain vigilant and proactively invest in robust security measures to safeguard their digital assets and ensure the integrity of their operations.