Kaspersky finds one in three cyber incidents are due to ransomware

Woburn, MA – May 8, 2024 – Ahead of International Anti-Ransomware Day on May 12, Kaspersky has released new research revealing a concerning trend in the global cybersecurity landscape, with ransomware attacks accounting for every third cyber incident in 2023. The report sheds light on the escalating threat of targeted ransomware groups, which have seen a 30% increase globally compared to 2022, along with a 71% surge in known victims.

Kaspersky's research, covering 2022 and 2023, revealed a worrisome escalation in targeted ransomware groups. Unlike random assaults, these targeted groups set their sights on government agencies, prominent organizations, and specific individuals within enterprises. As cybercriminals continue to orchestrate sophisticated and extensive attacks, the threat to cybersecurity grows ever more pronounced.

In 2023, Lockbit 3.0 emerged as the most prevalent ransomware, leveraging a builder leak in 2022 to spawn custom variants targeting organizations worldwide. BlackCat/ALPHV ranked second, until December 2023, when a collaborative effort by the FBI and other agencies disrupted its operations. However, BlackCat quickly rebounded, underscoring the resilience of ransomware groups. Third on the list was Cl0p, which breached the managed file transfer system MOVEIt, impacting over 2,500 organizations by December 2023, according to New Zealand security firm Emsisoft.

In its 2024 State of Ransomware report, Kaspersky identified several other noteworthy ransomware families, including BlackHunt, Rhysida, Akira, Mallox, and 3AM. Moreover, as the ransomware landscape evolves, smaller, more elusive groups are emerging, posing new challenges to law enforcement. According to the research, the rise of Ransomware-as-a-Service (RaaS) platforms further complicated the cybersecurity landscape, emphasizing the need for proactive measures.

Kaspersky's incident response team noted that ransomware incidents accounted for every third cybersecurity incident in 2023. The report also concludes that attacks via contractors and service providers emerged as prominent vectors, facilitating large-scale assaults with alarming efficiency. Overall, ransomware groups demonstrated a sophisticated understanding of network vulnerabilities, utilizing a variety of tools and techniques to achieve their objectives. They used well-known security tools, and exploited public-facing vulnerabilities and native Windows commands to infiltrate their victims, highlighting the need for robust cybersecurity measures to defend against ransomware attacks and domain takeovers.

“As ransomware-as-a-service proliferates and cybercriminals execute increasingly sophisticated assaults, the threat to cybersecurity becomes more acute,” said Dmitry Galov, head of research center, Kaspersky’s GReAT. “Ransomware strikes persist as a formidable menace, infiltrating critical sectors and preying on small businesses indiscriminately. To combat this pervasive threat, it's imperative for individuals and organizations to fortify their defenses with robust cybersecurity measures. Deploying solutions such as Kaspersky Endpoint Security and embracing Managed Detection and Response (MDR) capabilities are pivotal steps in safeguarding against evolving ransomware threats.”

The full report on the state of ransomware is available at Securelist.com.

On May 12 – Anti-Ransomware Day – Kaspersky is urging organizations to adhere to these best practices aimed at safeguarding their operations against ransomware attacks:

·       Always keep software updated on all your devices to prevent attackers from exploiting vulnerabilities and infiltrating your network.

·       Focus your defense strategy on detecting lateral movements and data exfiltration to the internet. Pay special attention to outgoing traffic to detect cybercriminals’ connections to your network. Set up offline backups that intruders cannot tamper with. Make sure you can access them quickly when needed or in an emergency.

·       Enable ransomware protection for all endpoints. There is a free Kaspersky Anti-Ransomware Tool for Business that shields computers and servers from ransomware and other types of malware, prevents exploits and is compatible with already installed security solutions.

·       Install anti-APT and EDR solutions, enabling capabilities for advanced threat discovery and detection, investigation and timely remediation of incidents. Provide your SOC team with access to the latest threat intelligence and regularly upskill them with professional training. All of the above is available within Kaspersky Expert Security framework.

·       Provide your SOC team with access to the latest threat intelligence (TI). The Kaspersky Threat Intelligence Portal is a single point of access for Kaspersky’s TI, providing cyberattack data and insights gathered by our team for over 20 years. To help businesses enable effective defenses in these turbulent times, Kaspersky has announced access to independent, continuously updated and globally sourced information on ongoing cyberattacks and threats, at no charge. Request access to this offer here.