Last week in ransomware news we saw ransomware causing psychological trauma for victims, ransomware attack levels surging last year, and the majority of organizations reporting being hit by ransomware in 2023...
Ransomware Attacks Surge in 2023
In a tumultuous year marked by a sharp increase in data extortion attacks, 2023 saw a 55.5% year-over-year surge in ransomware attacks, reaching 4,368 cases.
This surge signifies a resurgence in the intensity of cyber threats, with both established groups and new actors contributing to the growing menace.
Leading the pack in 2023, LockBit 3.0 maintained its dominance, victimizing 1,047 entities, including high-profile attacks on Boeing and the Royal Mail. Notably, BlackCat/ALPHV and Cl0p trailed with 445 and 384 victims, respectively.
The report also sheds light on emerging ransomware gangs like 8Base, Rhysida, 3AM, Malaslocker, BianLian, Play, and Akira, adding to the complexity and diversity of cyber threats.
The scale of the issue is likely underestimated, as a recent study revealed that 61% of executives chose not to report major ransomware attacks to law enforcement.
This reluctance to disclose incidents, coupled with an FBI assessment from 2022 suggesting only 20% of attacks were reported, implies a much larger number of successful attacks than publicly acknowledged.
The gravity of the situation is emphasized by the growing connection between ransomware attacks and national security concerns. With rogue nations allegedly supporting or controlling ransomware operators, these cyber threats are evolving into potential acts of state-sponsored terrorism.
The lack of accurate data hampers efforts to combat ransomware effectively, and security teams struggle to secure adequate funding without precise threat assessments.
While governments are making efforts to address the ransomware threat, the lack of comprehensive data impedes the allocation of resources. Accurate risk quantification is crucial for effective decision-making, especially in the challenging landscape of cybersecurity budgets.
The Russian government, providing a safe haven for many criminal elements conducting ransomware attacks, becomes a focal point. Calls for direct sanctions against such support are made, highlighting the urgent need for international cooperation to curb the escalating ransomware crisis.
The Psychological Impact from Ransomware Attacks
The psychological toll of ransomware attacks is a significantly overlooked aspect, as revealed by a study from the Royal United Services Institute (RUSI).
Small businesses in particular face severe consequences, with some business owners even experiencing suicidal thoughts. The strain on IT teams and security personnel is evident, leading to burnout and other health issues.
As ransomware attacks increase in severity, there is a marked shift in liability from CISOs to executives and Boards of Directors.
Legal actions against CISOs, exemplified by cases like Uber and SolarWinds, indicate a changing landscape where organizational leaders are held accountable for cybersecurity failures.
The regulatory landscape further complicates matters, with reporting rules imposed by the Securities and Exchange Commission (SEC) requiring companies to disclose security events within four days.
While transparency is essential, the challenges of conducting forensic investigations within tight timelines pose risks of incomplete or contradictory disclosures.
A punitive regulatory stance may lead security teams to withhold information from leadership, negatively impacting security operations. Organizations already struggling against ransomware threats now face additional challenges from an overzealous regulatory environment, increasing the risk of being re-victimized.
Three-Quarters of Organizations Targeted by Ransomware Attacks
A majority of organizations (75%) reported being targeted by at least one ransomware attack in 2023, with 26% facing four or more attacks.
Ransomware attacks, fueled by Ransomware-as-a-Service (RaaS) and novel evasion techniques, remain highly lucrative. The lack of accurate data exacerbates the threat, as executive willingness to pay ransoms and doubts about security team capabilities persist.
The ransomware threat is very real and the problem is seemingly growing exponentially. Executive leadership at organizations is struggling with how best to prepare to defend against attacks and with what to do to protect the organization after a successful attack.
Organizations require both a robust prevention and an agile resilience strategy to defend against this wave of ransomware attacks.
TeamViewer Leveraged in Ransomware Attacks
TeamViewer, a widely used remote access tool, has been exploited by ransomware operators through exposed or brute-forced credentials. TeamViewer serves a purpose similar to RDP but uses its own protocol.
RDP exploits are used to remotely execute malicious code such as malware and attack kits, to run scripts in fileless attacks, or to abuse legitimate network tools, a technique known as living off the land.
Access to RDP, VPN or similar instances is usually gained with stolen or brute-forced user credentials. In this case no vulnerability in TeamViewer itself was exploited: the attackers used credential stuffing with compromised user credentials.
This highlights the importance of maintaining strong security practices, including complex passwords, two-factor authentication, and regular updates to mitigate unauthorized access.
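The two access patterns named above leave different traces in authentication logs, and the following added example (not from the original article, TeamViewer or Halcyon) shows detection logic that tells them apart and lists accounts that logged in successfully from a flagged source. The log format, thresholds and function names are assumptions made for illustration; the events are constructed.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical normalized format (not a real
# TeamViewer log): ISO timestamp, source IP, account, result
SAMPLE_EVENTS = """\
2024-01-15T02:10:01 203.0.113.7 alice FAIL
2024-01-15T02:10:03 203.0.113.7 bob FAIL
2024-01-15T02:10:05 203.0.113.7 carol FAIL
2024-01-15T02:10:08 203.0.113.7 dave FAIL
2024-01-15T02:10:11 203.0.113.7 erin OK
2024-01-15T03:00:00 198.51.100.9 admin FAIL
2024-01-15T03:00:02 198.51.100.9 admin FAIL
2024-01-15T03:00:04 198.51.100.9 admin FAIL
2024-01-15T03:00:06 198.51.100.9 admin FAIL
2024-01-15T03:00:08 198.51.100.9 admin FAIL
2024-01-15T09:00:00 192.0.2.44 frank FAIL
2024-01-15T09:00:20 192.0.2.44 frank OK
"""

def parse_events(text):
    """Parse lines into (datetime, source, account, succeeded) tuples, oldest first."""
    events = []
    for line in text.splitlines():
        ts, src, account, result = line.split()
        events.append((datetime.fromisoformat(ts), src, account, result == "OK"))
    return sorted(events)

def classify_sources(events, window=timedelta(minutes=10), stuffing_accounts=4, brute_attempts=5):
    """Flag sources whose failed logins within `window` match one of the two patterns."""
    by_source = defaultdict(list)
    for ev in events:
        by_source[ev[1]].append(ev)
    findings = {}
    for src, evs in by_source.items():
        for end_ts, _, _, _ in evs:
            fails = Counter(a for ts, _, a, ok in evs if not ok and end_ts - window <= ts <= end_ts)
            if len(fails) >= stuffing_accounts:
                pattern = "credential-stuffing"  # many accounts, few tries each
            elif fails and max(fails.values()) >= brute_attempts:
                pattern = "brute-force"          # many tries against one account
            else:
                continue
            # Successful logins from this source since the window opened: reset these first
            hit = sorted({a for ts, _, a, ok in evs if ok and ts >= end_ts - window})
            findings[src] = {"pattern": pattern, "compromised": hit}
            break
    return findings
```

A single mistyped password followed by a success, as with the third source in the sample, stays below both thresholds and is not flagged.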
Halcyon.ai is the leading anti-ransomware company. Global 2000 companies rely on the Halcyon platform to fill endpoint protection gaps and defeat ransomware with minimal business disruption through built-in bypass and evasion protection, key material capture, automated decryption, and data exfiltration and extortion prevention – talk to a Halcyon expert today to find out more. Halcyon also publishes a quarterly RaaS and extortion group reference guide, Power Rankings: Ransomware Malicious Quartile. Also check out the Recent Ransomware Attacks resource site.