Almost every other day, ‘ransomware’ updates pop up in countless headlines worldwide, and it is not surprising that a surge in ransomware groups is leading to massive disruption the world over. Now a new report by cybersecurity firm Ivanti has revealed that ransomware operators continue to weaponise vulnerabilities faster than ever, with ransom threats increasingly becoming ‘lethal’ in nature.
Ivanti’s latest index found that there has been a 7.6% jump in the number of vulnerabilities associated with ransomware in Q1 2022, compared to the end of 2021. While no organisation can escape ransomware attacks, those in the healthcare, financial and government sectors have been targeted more aggressively in recent months and the trend is here to stay, it said.
The report uncovered 22 new vulnerabilities tied to ransomware (bringing the total to 310), with 19 being connected to Conti, one of the most prolific ransomware groups of 2022. Conti has pledged support for the Russian government following the invasion of Ukraine. Around the world, vulnerabilities tied to ransomware have skyrocketed in two years from 57 to 310, it said.
Additionally, the report showed that any minor laxity in security measures by third-party vendors and organisations is sufficient for ransomware groups to enter and infiltrate vulnerable networks.
To make matters worse, some of the most popular scanners are not detecting several key ransomware vulnerabilities. The research also revealed that over 3.5% of ransomware vulnerabilities are being missed, exposing organisations to grave risks.
“The fact that scanners are not detecting critical ransomware vulnerabilities is a huge problem for organisations,” said Aaron Sandeen, CEO of Cyber Security Works.
While the research saw the number come down from the previous year, there are still 11 ransomware vulnerabilities that the scanners are not detecting, five of which are rated critical and associated with notorious ransomware gangs like Ryuk, Petya and Locky.
At the same time, 169 vulnerabilities with ransomware associations have yet to be added to the US Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) list. Meanwhile, hackers worldwide are actively targeting hundreds of these vulnerabilities, scouting organisations for one unpatched instance to exploit.
“Threat actors are increasingly targeting flaws in cyber hygiene, including legacy vulnerability management processes,” Srinivas Mukkamala, senior vice president & general manager of security products at Ivanti, said.
Mukkamala said, “Today, many security and IT teams struggle to identify the real-world risks that vulnerabilities pose and therefore improperly prioritise vulnerabilities for remediation.”
For example, many only patch new vulnerabilities or those that have been disclosed in the NVD. Others only use the Common Vulnerability Scoring System (CVSS) to score and prioritise vulnerabilities.
“To better protect organisations against cyberattacks, security and IT teams need to adopt a risk-based approach to vulnerability management. This requires AI-based technology that can identify enterprise exposures and active threats, provide early warnings of vulnerability weaponisation, predict attacks and prioritise remediation activities.”
Another report, published by Sophos earlier this month, found that 68% of organisations globally (and nearly 80% in India) were the victims of a ransomware attack last year, a 78% increase from the year before. The report suggested that ransomware is now becoming one of the most predominant attack vectors affecting the bottom line of organisations globally. As Anuj Goel, co-founder and CEO at Cyware, observed, “A major concern that has surfaced is the lack of complete threat visibility for security teams owing to cluttered threat intelligence available across sources.”
He recommends that security teams tie their patch and vulnerability response to a centralised threat intelligence management workflow that drives complete visibility into these attack vectors.