Escalating Threats: A Concerning Trend in the Global Cybersecurity Landscape

Coinciding with World Ransomware Awareness Day on May 12, the latest research from Kaspersky has revealed a troubling trend in the global cybersecurity landscape, with ransomware attacks representing one-third of cyber incidents in 2023. The report highlights the rising threat of targeted ransomware groups, which saw a 30% increase worldwide compared to 2022, alongside a 71% increase in the number of known victims.

The company's research, covering 2022 and 2023, revealed a concerning escalation in activity by targeted ransomware groups. The number of these groups rose by 30% globally compared to 2022, accompanied by a 71% increase in the number of known victims of their attacks. Unlike random attacks, these targeted groups focus on government agencies, prominent organizations, and specific individuals within institutions. As cybercriminals continue to organize complex and large-scale attacks, their threat to cybersecurity has become greater than ever.

In 2023, LockBit 3.0 emerged as the most prevalent ransomware, leveraging a builder tool leaked in 2022 to produce several customized versions targeting organizations worldwide. BlackCat/AlphV ranked second until December 2023, when collaborative efforts from the FBI and other agencies disrupted its operations. However, BlackCat quickly resurfaced, demonstrating the resilience of ransomware groups. In third place was Cl0p, which breached the managed file transfer system MOVEit, impacting over 2,500 organizations by December 2023, according to the New Zealand security firm Emsisoft.

In the "2023 Ransomware Situation Report," Kaspersky identified several notable ransomware families, including BlackHunt, Rhysida, Akira, Mallox, and 3AM. Furthermore, as the ransomware landscape evolves, smaller and more elusive groups are emerging, posing new challenges for law enforcement authorities. According to the research, the rise of ransomware-as-a-service (RaaS) platforms has further complicated the cybersecurity landscape, underscoring the need for proactive measures.

The company's incident response team noted that ransomware was responsible for one-third of the cybersecurity incidents it handled in 2023. The research highlighted attacks through contractors and service providers as key vectors that let attackers carry out widespread attacks efficiently. Overall, ransomware groups displayed an advanced understanding of network vulnerabilities, utilizing a variety of tools and methods to achieve their objectives.

Dmitry Galov, Head of the Global Research and Analysis Team (GReAT) at Kaspersky, commented: "With the spread of ransomware-as-a-service and the increasingly complex attacks executed by cybercriminals, the threat to cybersecurity becomes more acute. Ransomware attacks remain a significant threat, infiltrating critical sectors and indiscriminately affecting small businesses. To combat this pervasive threat, it is crucial for individuals and organizations to bolster their defenses with robust cybersecurity measures."

### Kaspersky's Recommendations

The company advises organizations to adhere to best practices aimed at protecting their operations from ransomware attacks, including:

- Always update software on all devices to prevent attackers from exploiting security vulnerabilities and infiltrating your network.

- Focus your defensive strategy on detecting lateral movement within networks and data leakage over the internet.

- Pay special attention to outgoing data flows to identify cybercriminal communications with your network.

- Set up offline backups of your data, so intruders cannot tamper with them, and ensure you can access them quickly when needed or in emergencies.

- Enable ransomware protection solutions on all endpoints.

- Install advanced persistent threat (APT) protection solutions and endpoint detection and response (EDR) solutions, allowing for the detection, identification, investigation, and timely remediation of advanced threats.

- Provide your Security Operations Center (SOC) team with access to the latest threat intelligence and regularly enhance their skills through professional training.