Ransomware attacks have experienced a resurgence in 2023 after a period of decline in the previous year, according to a new report by Black Kite. Last year, many CISOs believed they had won the fight against ransomware gangs, as overall attacks decreased and ransom payments dropped by 40%. However, these optimistic assumptions proved to be false, as hackers regrouped and became even stronger during a period of complacency.
The report highlights the emergence of new players in the ransomware landscape, such as Royal, BianLian, and Play, who have taken advantage of advanced AI and ML technology to exploit new vulnerabilities. Coupled with mass-ransomware attacks executed by well-known groups like LockBit and Clop, the situation has become more serious. In fact, the number of ransomware victims announced in March 2023 was nearly double that of April 2022 and 1.6 times higher than the peak month in 2022.
Certain industries are particularly vulnerable to ransomware attacks. Manufacturing and Professional, Scientific, and Technical Services accounted for nearly 35% of all ransomware victims from April 2022 through March 2023. Educational Services, Retail Trade, and Health Care and Social Assistance accounted for 17% of victims. The United States was the most targeted country, accounting for a staggering 43% of all victim organizations.
Interestingly, the report also revealed that ransomware groups often target companies with annual revenues of around $50M to $60M. These companies may have the financial resources to pay ransoms but potentially lack robust security measures. However, organizations of all sizes must remain cautious, as many are targeted through third-party vendors that fit this profile. Ransomware attacks via third-party vendors were the second most common cause of third-party cyber breaches in 2022.
To combat the increasing threat of ransomware, organizations must take a proactive approach. Prevention, response, and recovery are the three phases toward agility and resilience. Prevention involves implementing internal security measures, such as monitoring ransomware indicators, regularly backing up critical data, and developing an incident response plan. Additionally, organizations should evaluate the cybersecurity posture of their third-party vendors and require them to adhere to industry best practices.
In the event of a ransomware attack, a rapid response is crucial to mitigate the damage. Steps include isolating affected systems, notifying relevant authorities and stakeholders, and engaging with cyber experts for remediation options. After an attack, organizations should conduct a thorough analysis to identify vulnerabilities and implement recommended security measures.
Looking ahead, organizations must remain vigilant as the state of ransomware continues to grow more dangerous. With new players and larger attacks, disruption is expected to continue throughout 2023. However, by implementing a combination of internal security measures and third-party risk management, organizations can stay off the radar of ransomware groups and minimize the potential damage caused by attacks. Collaboration and information sharing among industry peers will also be key in improving overall cybersecurity and preventing resurgences.
Bob Maley, the Chief Security Officer at Black Kite and an expert in the field, emphasizes the importance of recognizing the warning signs and thinking like a hacker to prepare for ransomware attacks. His experience and expertise have been recognized with nominations and awards, and his insights have been featured in numerous publications. With the right approach and collaboration, organizations can protect themselves against the growing threat of ransomware and ensure that resurgences become a thing of the past.

