Ransomware Awareness Month, which takes place in July, firmly puts the topic front and center for organizations. While ransomware has been around since 1989, it continues to top the list of the most feared attack vectors.
Just last month, the cybercrime group, BlackSuit, claimed responsibility for recent ransomware attacks on CDK Global, a large SaaS vendor of Dealer Management Software (DMS) to auto retailers in the US and Canada. DMS enables auto dealers’ payroll, inventory, and customer and office operations and auto retailers use the software to add value, uniting consumers with financing and insurance options. The June 18 and 19 attacks forced CDK Global to shut its DMS software down, affecting 15,000 auto retailers. The attack resulted in delays in delivering cars to customers and parts for repairs as the CDK hack slowed or closed many stores with BlackSuit demanding tens of millions of dollars to end the onslaught.
29% Increase In Ransomware In Q1 2024
Recent statistics from KnowBe4 show a 29% increase in ransomware in Q1 2024 compared to Q1 2023 and Blackberry reports a 40% increase in new malware used in cyberattacks. KnowBe4 also highlighted that the global cost of ransomware continues to soar. Furthermore, a sneak preview from the ThreatQuotient State of Cybersecurity Automation Adoption Research Report, which will be launched later in the year, shows that ransomware was one of the top three common attack vectors targeting organizations along with phishing attacks and cyber-physical attacks as the other two top vectors cited by respondents.
Many organization armed themselves against ransomware, bad actors continue to evolve their models with many adopting a franchise approach, which means that more bad actors can jump on the ransomware bandwagon. Therefore, we must continue to be vigilant about ransomware attacks and ensure we are armed with the intelligence to understand where attacks will come from.
Why Good Cybersecurity Hygiene Is Critical
The events themselves, while they may shock an organization, are relatively formulaic – systems and data are held to ransom. There is nothing new about the attack style. However, most bad actors work on the premise that organizations don’t think it will happen to them. This is why good cybersecurity hygiene and, in particular, threat intelligence is important.
Threat intelligence enables security teams to gather, monitor and process information pertaining to possible active threats to the security of the organization. The information gathered by threat intelligence initiatives include details about cyberattack plans, methods, bad actor groups that pose a threat, possible weak spots within the organization’s current security infrastructure and more. By gathering information and conducting data analysis, threat intelligence tools can help organizations identify, understand, and proactively defend against attacks. Threat intelligence can help thwart attacks before they occur and strengthen an organization’s security infrastructure. This means that security analysts can utilize threat intelligence to refine their research and locate the malicious actor who is either planning or executing a ransomware attack. Threat intelligence simplifies the prevention process, particularly when facing bad actors who have carried out similar repeat attacks on other organizations.
Additionally, threat intelligence platforms can utilize machine learning, automated correlation processing, and artificial intelligence to pinpoint specific cyber breach occurrences and map patterns of behavior across instances. For example, analysts can easily recognize the common tactics, techniques, and procedures used by current ransomware attack groups. By identifying common attack methods, organizations can better prepare to disarm the effectiveness of these methods and prevent an attack. This enables in-house security teams to monitor threats and disable attacks that could cause huge amounts of potential damage.
Ultimately, if you don’t learn from outside your environment, once a ransomware attack is inside your network it may be too late. Threat intelligence enables organizations to be proactive about potential threats because once ransomware takes hold of your systems there is not much you can do.
Ransomware Trends
It is worth noting that the landscape for ransomware is evolving and while I said earlier that there is nothing new about the attack format itself, below I’ve listed out a few trends to watch for in terms of the way ransomware groups are targeting their activities:
- Increased targeting of supply chains: Ransomware attackers are increasingly targeting critical infrastructure and supply chains, causing widespread disruptions. Businesses need to be vigilant about the security practices of their vendors and partners.
- Ransomware-as-a-Service (RaaS) model expansion:The RaaS model or franchise is likely to become even more prevalent. Making it easier for anyone to launch a ransomware attack, regardless of their technical expertise.
- Focus on data exfiltration: Data is the new gold and ransomware attacks tend to focus more on data exfiltration which puts even more pressure on victims to pay the ransom.
- Rise of ransomware-for-hire services:There is a growing concern about the emergence of ransomware-for-hire services, where cybercriminals offer their expertise to attackers for a fee
As outlined in the stats above, the risk of suffering a ransomware attack is high and organizations must take proactive steps to protect themselves and minimize the impact of a potential breach. Prevention is key, and protecting against ransomware requires visibility outside the organization which threat intelligence can provide, because once the bad actors are in your systems, you might find that you have already become the latest ransomware victim.
