On December 12th, 2022, there was a in the Swedish municipalities of Borgholm and Mörbylånga that rendered a range of critical services from both municipalities unavailable. Although the nature of the intrusion is still undisclosed, it seems to be part of a wider trend of global ransomware attacks.
On January 10th, the detected a cyber incident affecting delivery and collection across the UK.
In even more recent news, the has declared a local state of emergency because of a ransomware attack that forced the city to take all its IT systems offline on February 8th.
But what is a ransomware attack, who are the targeted groups, and how can organizations protect themselves?
Changing Tactics in Ransomware Attacks
Ransomware is malicious software that encrypts a company’s data, preventing access to it until the ransom is paid and a decryptor is released.
In 2021 there were attacks worldwide, an increase of 105% over 2020 figures. Most of these targeted ransomware attacks have been on the rise since the shift to remote and hybrid work.
However, in 2022, the volume of ransomware attacks . While organizations may feel this indicates that cybersecurity prevention is helping to stop these crimes, the crimes themselves are evolving.
Most ransomware groups are opting for the double-extortion model, threatening to expose the compromised data as additional leverage to collect ransom payments. These high-profile attacks reflect the growing sophistication of modern cyber-attacks, which poses new dangers to both organizations and individuals.
Ransomware Payments on the Rise
Despite the decrease in the number of ransomware attacks, payment demands are on the rise.
In 2021, the average ransomware payment was . In 2020, it was $312,000, while in 2019, it was $115,000. The price goes higher when attackers go after high-profile individuals and entities.
In the Royal Mail ransomware incident, the LockBit hacker set a , which they claimed was equal to 0.5% of the company’s revenue, in exchange for decrypting the files.
In another 2022 ransomware attack, against the government of Costa Rica, the perpetrators demanded a $10 million ransom in exchange for not releasing the stolen information.
Global Ransomware Statistics
The shares the latest trends and developments of the most active ransomware groups.
Here are the most interesting findings from the Outpost24 research team:
- A total of 2,363 victims (businesses) were disclosed by various ransomware groups on data leak sites in 2022.
- Across the 101 different countries with victims registered on data leak sites, 42% of victims are from the United States alone, while around 28% come from European countries.
- Ransomware victims tend to be based in wealthy western countries, as the RaaS operators tend to make more money out of them.
- Threat actors are primarily targeting organizations that may have a higher capacity to pay a ransom, making them a global threat. Yet, this doesn’t necessarily mean that organizations with less revenue are exempt from risk.
Protection on the Frontline from Ransomware Attacks
Ransomware is the fastest-growing cybercrime category. Most organizations are concerned about ransomware, but many may lack the resources to keep up with the latest threats.
For these organizations, we recommend auditing their corporate credentials with . Stolen or weak credentials are one of the most common ways in which bad actors can get into your system to initiate a ransomware attack.
With the free Specops Password Auditor, you can audit your Active Directory passwords against a list of over 930 million compromised passwords. The findings from the audit report can help you gauge your threat profile, helping you craft the appropriate defense strategy.
For a more proactive approach with a paid solution, you can block vulnerable credentials from being used in Active Directory altogether. can prevent the use of over 3 billion compromised passwords and easy-to-guess passwords, and strengthen password policies to align with regulatory requirements like NIST.
Finally, for credential protection beyond Active Directory, we recommend . The solution offers a credential module to detect compromised credentials in real-time.
Sponsored and written by