33.7 C
Casper
Sunday, July 14, 2024

Ransomware Caused a Third of Cyber Incidents: Kaspersky

Must read

Kaspersky’s report finds a 30% rise in targeted ransomware groups and a 71% increase in victims. LockBit 3.0 was the most prevalent ransomware, while RaaS platforms complicate cybersecurity. Kaspersky urges businesses to adopt robust defenses and backup solutions.

Ahead of International Anti-Ransomware Day on 12 May, Kaspersky’s latest research reveals a concerning trend in the global cybersecurity landscape, with ransomware attacks accounting for every third cyber incident in 2023. The report sheds light on the escalating threat of targeted ransomware groups, which have seen a 30% increase globally compared to 2022, along with a 71% surge in known victims.

Kaspersky’s 2022 and 2023 research revealed a worrisome escalation in targeted ransomware groups. The data indicated a staggering 30% global increase in the number of these groups compared to 2022, accompanied by a 71% surge in known victims of their attacks. Unlike random assaults, these targeted groups target government agencies, prominent organizations, and specific individuals within enterprises. As cybercriminals continue to orchestrate sophisticated and extensive attacks, the cybersecurity threat grows more pronounced.

In 2023, Lockbit 3.0 emerged as the most prevalent ransomware, leveraging a builder leak in 2022 to spawn custom variants targeting organizations worldwide. BlackCat/ALPHV ranked second until December 2023, when a collaborative effort by the FBI and other agencies disrupted its operations. However, BlackCat quickly rebounded, underscoring the resilience of ransomware groups. Third on the list was Cl0p, which breached the managed file transfer system MOVEIt, impacting over 2.5 thousand organizations by December 2023, according to New Zealand security firm Emsisoft.

In its 2023 State of Ransomware report, Kaspersky identified several noteworthy ransomware families, including BlackHunt, Rhysida, Akira, Mallox, and 3AM. Moreover, as the ransomware landscape evolves, smaller, more elusive groups emerge, posing new challenges to law enforcement. According to the research, the rise of Ransomware-as-a-Service (RaaS) platforms further complicated the cybersecurity landscape, emphasizing the need for proactive measures.

Kaspersky’s incident response team noted that ransomware incidents accounted for every third cybersecurity incident in 2023. In the research, attacks via contractors and service providers emerged as prominent vectors, facilitating large-scale assaults with alarming efficiency. Ransomware groups demonstrated a sophisticated understanding of network vulnerabilities, utilizing various tools and techniques to achieve their objectives. They used well-known security tools and exploited public-facing vulnerabilities and native Windows commands to infiltrate their victims, highlighting the need for robust cybersecurity measures to defend against ransomware attacks and domain takeovers.

“As ransomware-as-a-service proliferates and cybercriminals execute increasingly sophisticated assaults, the cybersecurity threat becomes more acute. Ransomware strikes persist as a formidable menace, infiltrating critical sectors and preying on small businesses indiscriminately. Individuals and organizations must fortify their defenses with robust cybersecurity measures to combat this pervasive threat. Deploying solutions such as Kaspersky Endpoint Security and embracing Managed Detection and Response (MDR) capabilities are pivotal to safeguarding against evolving ransomware threats,” commented Dmitry Galov, head of the research center, Kaspersky’s GReAT.

Also Read: Why Identity Security Should Be the Foundation of Modern Cybersecurity

Read the full report on the State of ransomware at Securelist.com.

On May 12 – Anti-Ransomware Day – Kaspersky is urging organizations to adhere to these best practices aimed at safeguarding their operations against ransomware attacks:

  • Always keep software updated on all your devices to prevent attackers from exploiting vulnerabilities and infiltrating your network. 
  • Focus your defense strategy on detecting lateral movements and data exfiltration to the internet. Pay special attention to outgoing traffic to detect cybercriminals’ connections to your network. Set up offline backups that intruders cannot tamper with. Make sure you can access them quickly when needed or in an emergency. 
  • Enable ransomware protection for all endpoints. The free Kaspersky Anti-Ransomware Tool for Business shields computers and servers from ransomware and other types of malware prevents exploits and is compatible with already installed security solutions. 
  • Install anti-APT and EDR solutions, enabling capabilities for advanced threat discovery and detection, investigation, and timely incident remediation. Provide your SOC team with access to the latest threat intelligence and regularly upskill them with professional training. All of the above is available within the Kaspersky Expert Security framework.
  • Provide your SOC team access to the latest threat intelligence (TI). The Kaspersky Threat Intelligence Portal is a single access point for Kaspersky’s TI, providing cyberattack data and insights gathered by our team for over 20 years. To help businesses enable effective defenses in these turbulent times, Kaspersky has announced access to independent, continuously updated, and globally sourced information on ongoing cyberattacks and threats at no charge. Request access to this offer here.

More articles

Latest posts