Ransomware Attacks Rising Again

There has been a significant ransomware resurgence in 2023, with the number of victims in March 2023 nearly double that of April 2022 and 1.6 times higher than the peak month of 2022, according to the Ransomware Threat Landscape 2023 report from Black Kite. The report found that 410 organizations were ransomware victims in March 2023, compared to 208 in April 2022.

In 2022, there were signs of ransomware attacks decreasing due to increased pressure from law enforcement and international sanctions in response to Russia’s invasion of Ukraine, which hindered ransom money movement and resource investment in Western countries. However, ransomware incidents increased in February and March of 2023 with the emergence of new ransomware gangs and the adoption of encryption-less tactics.

Key takeaways from the report include:

  • Manufacturing (19.5%), professional, scientific and technical services (15.3%), and educational services (6.1%) were the top targeted industries.

  • The United States accounted for 43% of victim organizations, followed by the UK (5.7%) and Germany (4.4%).

  • Ransomware groups mostly targeted companies with annual revenues of around $50 million to $60 million.

  • Encryption-less ransomware is on the rise.

  • Commonalities between victims include poor email configuration, recent credential leaks, public remote access ports, out-of-date systems and IP addresses with botnet activity.

Businesses should consider the following to effectively minimize their ransomware risks:

  • Perform frequent data backups. By keeping sensitive data secure, businesses can make it increasingly difficult for cybercriminals to access and use this information against them amid ransomware attacks.

  • Leverage patch management plans. Businesses should conduct regular software updates to reduce their software vulnerabilities and, in turn, eliminate potential ransomware attack vectors for cybercriminals.

  • Utilize endpoint detection and response (EDR) solutions. Businesses can use EDR solutions to continuously monitor security-related threat information across their devices and servers to better detect and respond to ransomware attacks and other malware.

  • Enforce access control policies. Access controls can make it significantly more complicated for cybercriminals to gain unauthorized entry into organizational accounts, devices and servers, further minimizing potential ransomware attack vectors.

  • Segment and segregate networks. Network segmentation refers to dividing larger networks into smaller segments (also called subnetworks) using switches and routers, permitting businesses to better monitor and control traffic flow between these segments. Network segregation entails isolating crucial networks (i.e., those containing sensitive data and resources) from external networks, such as the Internet.

  • Establish Remote Desktop Protocol (RDP) safeguards. To adequately safeguard their RDP ports, businesses need to keep these ports turned off whenever they aren’t in use, ensure such ports aren’t left open to the Internet, and promote overall interface security through a virtual private connection and multifactor authentication.

  • Implement email authentication technology. As it relates to preventing ransomware incidents that begin with phishing scams, email authentication technology is a useful tool. This technology monitors incoming emails and determines the validity of these messages based on specific sender verification standards that businesses have in place.

  • Prioritize end-of-life (EOL) software management. At some point, all software will reach the end of its life. This means manufacturers will no longer develop or service these products, discontinuing technical support, upgrades, bug fixes and security improvements. Consequently, EOL software will have vulnerabilities cybercriminals can easily exploit to deploy ransomware attacks. As such, it’s clear that proactive EOL software management is necessary to prevent unwelcome surprises and maintain organizational cybersecurity.

As ransomware attacks become more frequent, severe and targeted, it’s important for organizations to take precautions.


This Cyber Risks & Liabilities document is not intended to be exhaustive nor should any discussion or opinions be construed as legal advice. Readers should contact legal counsel or an insurance professional for appropriate advice. © 2023 Zywave, Inc. All rights reserved.
