The Ransomware Climate is Changing Fast

Boards and senior executive leaders, like the rest of us, are waking up every morning to news of another devastating ransomware attack. It’s obvious the ransomware climate is constantly changing but many are wondering how the specific changes will affect their business. Last week we hosted a webinar reflecting on the new and critical changes in the world of ransomware risk.

A Global Warming for the Ransomware Risk Climate

Regarding what has changed within the ransomware climate, the answer boils down to four main topics. First, 77% of attacks now include data exfiltration, as opposed to the 50% at the start of the year. Second, Linux payloads now enable attacks on Linux infrastructures, whereas previously Windows machines were almost exclusively targeted. Third, a new attack style of extortion without encryption has become popularized. Fourth and finally, Congress and the upper levels of the executive branch of the U.S. government are rapidly becoming aware of the threat to the nation’s infrastructure. In this blog post, these four topics will be more discussed in more detail.

Your Data is More at Risk Than Ever 

In today’s overarching society, your data is constantly at risk. As a consumer, nearly every website wants to track you, apps always ask for your location, and hackers have evolved to a point where any reused password is a liability. While the methods aren’t the same for corporate ransomware attacks, the over increasing threat to your data is. According to a study done by Coveware, data exfiltration is becoming as common as data encryption events. Just in January of this year, data exfiltration events occurred roughly 50% of the time. Now, Coveware estimates 70% of all ransomware attacks are data exfiltration events. Stolen info is becoming a more consistent trend, meaning hacks become data security issues as well as threats to overall business operations. Companies now have to focus on the aftermath of an incident just as much as they have to worry about the event as it occurs.

A New Payload Means New Trouble

Windows systems have historically been targeted the most, as the internal frameworks of these networks have been most welcoming to hackers. Since the start of the year though, Linux systems have started to get targeted as well. Linux payloads have been developed and recently put into action. As Axio President, Dave White says, hackers have budgets too. Dedicated hackers can use some of the money they make from ransoms or hacked accounts to “reinvest in their business” and develop new methods for previously inaccessible systems. VMware is just one example of this new trend of Linux attacks. While the visible issue is, of course, the new attacks, the underlying worry here is that hackers are expanding their range of targets. Systems that have previously been considered safer than others soon may no longer be able to claim that, as there are ongoing worries that hackers will continue to expand their arsenal of weapons.

Extortion Minus the Encryption

In line with what has been previously discussed, trends of hackers in previous years are seemingly being left behind. Attackers previously locked up systems and encrypted data so as to force a ransom, as companies can’t operate if their data is encrypted. However, in 2019 and 2020, hackers began to realize that the most valuable content is the data itself. They locked systems up as they did previously, to force a bounty, but also began exfiltrating the data to sell to third parties to increase their margins further. As mentioned earlier, these types of attacks now make up roughly 70% of all ransomware attacks. Recently, hackers have even begun attempting to exfiltrate data without deploying ransomware at all, demonstrating the sheer leverage of stolen data. One unnamed group in particular has declared they will no longer deploy ransomware at all and will exclusively focus on data extraction. This trend forces an immediate consideration of security protocols amongst boards and executives.

Congress is on the Case

Despite all the news stories regarding ransomware attacks that imply cybercrime is running unchecked, Congress is actively working to provide the necessary funding and security infrastructure to assist in preventing future attacks. There are an estimated 115 bills prepared for or being discussed in Congress right now designed to combat ransomware. The issue has become so visible over the past year that ransomware protection has become one of the few topics in Congress that has bilateral support, and Congress is committed to moving quickly to provide that support as soon as possible. In the meantime, the increased focus on ransomware attacks may work to disincentivize attackers, as most hackers and cybercriminals try to avoid the spotlight and would prefer to not be under a judicial pressure cooker. They tend to work best when attacks are unexpected and have no true legal ramifications.

Actively Work to Protect Yourself

Ransomware trends have been rapidly changing over the years and have moved even more quickly since the start of 2021. It is vital that board members and executives move quickly and regularly to protect themselves from the ongoing threats directed towards them and their organization. Here at Axio, we recognize this threat better than anyone. Click this link to access our free ransomware assessment tool, which also comes with three free assessments you can explore. If you’d prefer to speak with an expert at Axio regarding building a Ransomware Action Plan, fill out the form below and a representative will reach out shortly.


Learn more about our Ransomware Preparedness Assessment.



*** This is a Security Bloggers Network syndicated blog from Axio authored by Axio. Read the original post at: