Ransomware has grown by 466% since 2019 and is increasingly being used as a precursor to physical war as seen in the Russia conflict in Ukraine and the Iran and Albania cyber war, according to recent research.
In a ransomware attack, hackers break into a company’s network and block access to crucial and sensitive files, demanding a ransom to return that access. The company and its employees are blocked from accessing any of the files till the ransom is paid, resulting in business disruption and huge financial loss.
The report by IT services and security firm Ivanti, which also announced the results of the Ransomware Index Report Q2-Q3 2022, said that most IT and security teams lack a complete view of all the vulnerabilities that exist, as well as sufficient threat context around those that pose the most risk.
As per the report, ransomware groups are continuing to grow in volume and sophistication with 35 vulnerabilities becoming associated with ransomware in the first three quarters of 2022 and 159 trending active exploits. Complicating matters, lack of sufficient data and threat context is making it hard for organizations to effectively patch their systems and efficiently mitigate vulnerability exposure.
The report identified 10 new ransomware families (Black Basta, Hive, BianLian, BlueSky, Play, Deadbolt, H0lyGh0st, Lorenz, Maui, and NamPoHyu), bringing the total to 170. With 101 CVEs to phish, ransomware attackers are increasingly relying on spear phishing techniques to lure unsuspecting victims and deliver their malicious payload.
Pegasus, the report said, is a powerful example in which a simple phishing message used to create initial backdoor access, coupled with iPhone vulnerabilities, led to the infiltration and compromise of many worldwide figures.
The report also identified two new ransomware vulnerabilities (CVE-2021-40539 and CVE-2022-26134), both of which were exploited by prolific ransomware families such as AvosLocker and Cerber either before or on the same day they were added to the National Vulnerability Database (NVD). These statistics emphasize that if organizations rely solely on NVD disclosure to patch vulnerabilities, they will be susceptible to attacks.
“IT and security teams must urgently adopt a risk-based approach to vulnerability management to better defend against ransomware and other threats,” said Srinivas Mukkamala, Chief Product Officer at Ivanti. This includes leveraging automation technologies that can correlate data from diverse sources (network scanners, internal and external vulnerability databases, and penetration tests), measure risk, provide early warning of weaponisation, predict attacks, and prioritize remediation activities.
Additionally, the report analyzed the impact of ransomware on critical infrastructure, with the three worst-hit sectors being healthcare, energy, and critical manufacturing. The report revealed that 47.4% of ransomware vulnerabilities affect healthcare systems, 31.6% affect energy systems, and 21.1% affect critical manufacturing.
India has seen a dramatic spike in ransomware attacks in recent months. In September 2022, Japanese cyber security firm Trend Micro said around 75% of Indian firms have been hit by a ransomware attack in the last three years, since 2019.
Many companies in India, including small businesses (with up to 500 employees), are struggling to comply with the Indian Computer Emergency Team’s (CERT-In) new cybersecurity rules, which require companies to report security incidents within six hours of detection, among other issues. They also require virtual private network (VPN) providers to track user data and submit it to the government when asked.
CERT-In, which saw ransomware attacks jump during the first half of this year, rising 51% from the previous year, identified post-Covid digitisation, hybrid work culture, modernisation of attack tool kits, and evolution of ransomware as a service to be the key reasons behind these attacks.
Another report, published by security firm NordLocker last month, also revealed that businesses accounted for 54% of ransomware attacks in the country between January 2020 and July 2022.