Ransomware attacks have risen dramatically in recent years, with cybercriminals increasingly using them to steal or exploit data for financial gain. In fact, the growing impact of ransomware, and how cybersecurity companies tackle this threat, has featured prominently in our cybersecurity coverage here at Acceleration Economy.
An enlightening new analysis on the ransomware trend comes from Unit 42, Palo Alto Network’s incident response team, which quantifies ransomware’s impact and provides insight into attacker methodologies. The 2023 Unit 42 Ransomware and Extortion Threat Report turns the traditional, one-dimensional view of a ransomware attack on its head by introducing the prevalence of multi-faceted attacks using various extortion techniques.
Which companies are the most important vendors in cybersecurity? Check out
the Acceleration Economy Cybersecurity
Top 10 Shortlist.
The report examines 600 incident response cases, as well as the ransomware and extortion landscape, and forecasts how ransomware and extortion tactics might evolve. It explores common extortion methods, targets, heavily targeted regions, industries, and the ultimate goal of malicious actors.
Palo Alto Networks is on the Acceleration Economy Top 10 Shortlist of Cybersecurity Enablers.
Breadth of Extortion Tactics Is Expanding
One major tactic involves data theft. In 2022, 70% of incident response cases were ransomware and what’s known as business email compromise, or BEC. The 70% figure was a 30% increase from the previous year. One of the key tactics cybercrooks use to extort organizations is threatening to leak their data on illicit websites.
Another extortion tactic on the rise is the harassment of targeted people in an organization. The report found that harassment played a part in 20% of ransomware cases by the close of 2022, compared to under 1% in 2021.
The report also flagged other tactics, including encryption to lock users out of critical files and systems, as well as Distributed Denial of Service, or DDoS, attacks on customer-facing websites.
It found that 77% of intrusions are suspected to be a result of three initial access vectors: phishing, exploitation of known software vulnerabilities, and brute-force credential attacks.
Manufacturing Industry Is a Big Target
Unit 42 analysts found that the industry most often targeted by extortion gangs is manufacturing: a total of 447 manufacturing-related organizations had corporate data exposed on illicit websites.
The report’s creators believe the prevalence of manufacturing attacks could be caused by underperforming IT infrastructure and outdated software. Just below manufacturing in the targeted industries list were professional and legal services, then wholesale and retail, as well as finance, healthcare, and high tech.
Company size matters as well. Even though the number of companies from the Forbes Global 2000 targeted by ransomware attacks was small, just 30 in 2022, the report describes these attacks as “notable.”
How To Mitigate The Threat
Unit 42 analysts predict that throughout 2023, we can expect to see a major cloud ransomware attack, an increase in extortion from insider threats, increased political motivation, and extortion as a smokescreen to obscure infected supply chain or source-code attacks.
The report recommends three core actions to prepare for the threat of new and expanded forms of extortion. They include:
- Building a comprehensive incident response plan which includes crisis communications
- Providing ransomware harassment awareness training
- Conducting a post-mortem if your company has been attacked
In addition, my fellow analyst, Chris Hughes, has laid out clear and concise methods for mitigating the threat of ransomware attacks.
Want more cybersecurity insights? Subscribe to the Cybersecurity as a Business Enabler channel: