Ransomware: Still Dangerous After All These Years
Almost every time a ransomware report is released, I’m reminded of two things: The ongoing threat it poses and some bold declarations made a few years ago at RSA that claimed ransomware was dead.
Clearly, from the findings of Zscaler ThreatLabz’s recent Ransomware Report, only one of those things is true, and it’s not the latter. Researchers found a 146% spike in aggressive extortion attacks blocked by the Zscaler cloud, with researchers saying the increase “reflects a strategic shift,” one that sees ransomware groups prioritizing extortion over encryption.
Trey Ford, CISO at Bugcrowd, found the shift from “encryption to straight extortion” interesting. “A couple of hypotheses behind that change in behavior might include a sense of conscience around impact (life, health, safety) when taking critical infrastructure offline, and a modicum of risk management reflecting the marked shift in legal pursuit of these criminal groups,” he says.
The surge in attacks and jolt up in aggressive extortion tactics “reflects a critical transformation in the threat landscape and supports industry-wide observations of a shift toward extortion over simple encryption,” says Neko Papez, senior manager, cybersecurity strategy, Menlo Security. “Despite the evolution in attack objectives,” Papez says, “the underlying techniques for obtaining initial access remain largely constant.”
Menlo has its own research out, showing “a sharp increase in browser-based attacks: Within the last year, browser-based phishing grew by 140% and zero-hour phishing attempts leapt by 130%,” Papez says, indicating that “phishing and abusive cloud hosting services continue to be the most prevalent and effective method for cybercriminals to gain initial access and deliver malware, including ransomware, into an organization’s environment.”
AI and evasive phishing kits are powering more sophisticated techniques that attackers use to bypass traditional security controls. “Over the last 12 months, Menlo found that more than 752,000 browser-based phishing attacks were detected, with one in five employing evasive tactics,” says Papez.
Pesky key ransomware groups — with Akira and Clop leading the way — nicked 238TB of data in just one year’s time (last year, in comparison, saw 123TB of data stolen), according to Zscaler ThreatLabz researchers. An analysis of data leak sites showed a 70% rise in public extortion cases. And, troublesome to say the least, there was a 92% uptick in data exfiltration volumes. That means ransomware is widespread and dangerous, with bad actors improving their corrupt chops and having greater success in tapping and exposing data.
“For some organizations, loss of data, loss of trust and confidence from customers, consumers, partners and investors, can be every bit as damaging, while managing the risky downside of locking down a company,” says Ford.
That’s particularly worrisome if you are in one of the top targeted industries — in this report identified as manufacturing, technology and healthcare. While we’re on the subject of targets, Zscaler ThreatLabz found that attacks in the Oil & Gas sector soared 935%. Not surprising, given the criticality of energy and the geopolitical dynamics these days.
Also, it won’t come as any surprise that half of the attacks were aimed at U.S. entities.
To combat ransomware and other threats, “organizations can no longer afford to be reactive,” says Frankie Sclafani, director of cybersecurity enablement at Deepwatch, who believes that the future of cybersecurity “demands a proactive and adaptive stance” that prioritizes “robust behavioral detection and response tools — the kind that can spot anomalous activity no matter how cunningly disguised.”
Ironclad patch management, multi-factor authentication, meticulous network segmentation and rigorously tested incident response plans must all be top of mind, he says, noting it is no longer good enough for defense to “just keep pace with offense; it must leap ahead, harnessing AI-driven insights to anticipate and neutralize threats before they can even fully materialize.”
BeyondTrust Field CTO James Maude urges investment in shifting left and thinking “more about securing identities and access to reduce our attack surface and blast radius in the event of compromise rather than just thinking post breach.”
No doubt, reports of ransomware’s impending death back in the day were greatly exaggerated, and reports like Zscaler’s underscore the importance of never underestimating it even when we grow tired of encouraging cyber hygiene and security measures that organizations should already be taking.