Lessons Learned from Ransomware in 2022
Tracking ransomware attacks in the news over the last 36 months has given us some important insight and salient lessons learned from ransomware and about tackling this escalating problem. 2022 was the busiest year for ransomware so far, so we take a look at the top 10 lessons learned from it.
1. Ransomware isn’t going away
2. Under-resourced sectors continue to be the most heavily targeted
Education, government, and healthcare were consistently in the top 3 most targeted sectors in 2022 and we don’t expect this to change in 2023. Lack of budget, a general lack of resources and skills shortages make these data-rich sectors ripe for the picking. Ransomware caused massive disruption across hospitals, schools, and local governments around the world in 2022 and we expect this to continue into 2023.
3. Cybercriminals have moved on from encryption
Back when we started tracking ransomware, encryption was the worst thing companies thought could happen. Fast forward to 2022 and encryption has pretty much fallen out of favour with cybercriminals. Previously, organizations could rely on backups and refuse to negotiate when it came to ransom demands. In 2022 extortion ruled: cybercriminals know the value of data, and threatening to release it if a ransom isn’t paid was the tactic of choice.
4. It’s all about the data
The goal of any cyberattack is data theft, and data is the crown jewels of any organization. Whether it’s intellectual property, patient records, student information or financial data, cybercriminals are intent on acquiring it for extortion. Often, we see double and even triple extortion.
5. Cybercriminals can have a conscience
In 2022 healthcare came under massive attack and the list of organizations impacted was extensive. In 2020 some criminal gangs even agreed to a moratorium on healthcare institutions during the pandemic, but in reality, you can’t trust criminals. Sure enough, the Toronto Hospital for Sick Children was attacked just before Christmas. On New Year’s Eve the notorious LockBit gang issued an apology and a free decryptor to unlock the data. As far as we are aware this is a first for the group.
6. All organizations are a target
Cybercriminals always look for the path of least resistance, so smaller organizations, which can be guilty of thinking they have no data worth stealing, are still often caught off guard. Every organization has data worthy of theft, and any breach is still a reportable event. While cybercriminals are financially motivated, they are also motivated by causing disruption. We’ve documented attacks across every sector with companies of all sizes, and ransomware is one thing they all have in common.
7. Traditional cybersecurity solutions aren’t enough
When we look at some of the large companies that made headlines in 2022, such as Toyota, Ikea, Vodafone, Cisco and Samsung, it’s pretty clear that the perimeter defense solutions organizations have come to rely on aren’t up to the task of preventing ransomware. These large organizations have large budgets, large security teams and a plethora of security tools, yet they make the victim lists month after month. A key takeaway is that if companies keep doing what they’re doing they’ll keep getting what they’re getting – hit by ransomware! Newer technologies that look at the problem from a different perspective will need to be prioritized in 2023 to prevent successful attacks.
8. Class action lawsuits are on the rise
The cost of ransomware goes well beyond the ransom itself, from mitigation, remediation and lost business to regulatory reporting. Now companies must also worry about class action lawsuits. 2022 saw a myriad of these, including Common Spirit Health, Scripps Health, Rackspace, New York Ambulance Service and Morley Companies, to name just a few.
9. Throwing money at the problem isn’t always the answer
This is true in more ways than one. Firstly, paying the ransom isn’t going to solve all the problems. You may get your data back, you may even get a promise that your data won’t be sold or exposed on the dark web, but you really can’t trust a cybercriminal. Secondly, throwing money at new solutions that tackle the problem in the same way as the other 20 you have in your stack isn’t going to work either. The cyberthreat landscape is constantly changing, and so should your defenses. Newer technologies that have been specifically designed to prevent ransomware should be carefully evaluated in 2023.
10. Cyber Insurance isn’t a substitute for Cybersecurity
Last year we predicted that insurance carriers would strengthen their requirements for providing cyber insurance coverage. In 2022 this accelerated even faster than we predicted. The cost of cyber insurance went up 79% in 2022 compared to 2021 as insurers dealt with an unprecedented number of attacks, with many adding new restrictions and mandates to their policies. As cyberattacks have become more sophisticated, so have the insurers. While cyber insurance is an important element, it’s simply one of the many layers of protection that every organization needs to consider. Insurance carriers are raising the bar even further in 2023, so organizations will need to ensure they are doing everything they can to prevent ransomware in order to secure coverage.
*** This is a Security Bloggers Network syndicated blog from BlackFog authored by Brenda Robb. Read the original post at: https://www.blackfog.com/lessons-learned-from-ransomware-in-2022/