Law enforcement triumphs over the Hive, Conti and REvil ransomware gangs in the last 12 months haven’t blunted the use of ransomware, says a new report from OpenText.
“Despite these victories against high profile gangs, a decade since it first emerged, ransomware remains the most significant cyber threat facing small and midsize organizations,” the Waterloo, Ont.-based company says in its annual Cybersecurity Threat Report.
“Ransomware groups continue to experiment and evolve their tactics amidst an everchanging and very active threat landscape.”
Several industry sources claim the volume of new attacks launched against them is declining, the report says, and some suggest that the rate of ransomware incident responses has decreased slightly. “However,” the report says, “there’s no evidence of a corresponding decrease in the number of organizations whose names are listed on public ransomware leak sites, and the average ransom payment remains remarkably high.”
There’s also evidence that ransomware groups and their affiliates are increasingly targeting smaller companies, the report says, because gangs can launch less risky, lower-profile attacks. “Even if each individual payment [from small companies] is smaller, launching such attacks can be enormously profitable if done at great volume,” the report points out.
Recent volatility in reported average ransomware payments — they dropped early in 2022, then leapt at the end of the year — may also indicate that, at the beginning of the year at least, some larger organizations “are simply refusing to pay ludicrously high ransoms,” the report adds.
With as many as 84 per cent of ransomware attacks now including threats of data leakage, a growing number of cybercriminal groups appear to be forgoing encryption entirely and simply stealing data and threatening to publish it, the report says. This strategy eliminates the need for expertise in cryptography, storing and managing decryption keys, and the ability to deploy file-encrypting malware across an organization’s entire infrastructure, it notes.
As for efforts by regulators to fine companies after a ransomware attack for failing to protect data, “there’s little to no evidence that fines for breaches or ransomware attacks do anything other than incentivize victims to reward attackers by paying the ransom,” the report argues.
Organizations must adopt a multi-layered strategy to protect themselves from as many potential attack strategies as possible, says the report. Ransomware attackers can often breach individual layers – but usually not all of them at the same time. “By tactically combining overlapping protections, companies can significantly reduce the risk that an attack will succeed.”
At a minimum, says the report, every organization should:
- inspect all incoming emails for malicious attachments and block potential threats;
- keep all PCs and servers fully patched;
- run effective antivirus and endpoint protection software on every device on the network and within the organization;
- train users on how to spot phishing emails and avoid other types of social engineering;
- back up all critical systems and files regularly.