{"id":160,"date":"2024-09-06T16:45:51","date_gmt":"2024-09-06T16:45:51","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=160"},"modified":"2024-09-06T16:45:51","modified_gmt":"2024-09-06T16:45:51","slug":"ransomware-attacks-reach-record-highs-demands-and-payments-continue-to-soar","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=160","title":{"rendered":"Ransomware Attacks Reach Record Highs: Demands and Payments Continue to Soar"},"content":{"rendered":"<p>As IT complexity continues to rise, businesses are facing an increasingly challenging cybersecurity environment. Ransomware attacks have increased nearly 18 percent over the past year, according to a new report released by Zscaler\u2019s security research arm, ThreatLabz. This surge in activity has significantly disrupted business operations, causing prolonged downtime, data loss, and costly recovery efforts. Here\u2019s what you need to know to keep your business safe and secure.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Increasing Attacks and Payments<\/strong><\/h2>\n<p>The <a href=\"https:\/\/www.zscaler.com\/campaign\/threatlabz-ransomware-report\" target=\"_blank\" rel=\"noopener\">2024 Ransomware Report<\/a> is based on data collected from Zscaler\u2019s cloud security platform, Zero Trust Exchange (ZTE), which processes more than 500 trillion signals daily. The data and ThreatLabz\u2019 analysis of ransomware samples use reverse engineering and malware automation to provide a comprehensive view of ransomware trends.<\/p>\n<p>Brett Stone-Gross, Zscaler\u2019s director of threat intelligence, said ransomware is one of the most significant threats companies face as part of the current <a href=\"https:\/\/www.eweek.com\/artificial-intelligence\/generative-ai-and-cybersecurity\/\" target=\"_blank\" rel=\"noopener\">cybersecurity environment<\/a>. \u201cWe\u2019re seeing increases in ransom demands, we\u2019re seeing increases in attacks, and we\u2019re also seeing increases in actual payment numbers,\u201d he told ZK Research in a recent interview.<\/p>\n<p>One of the key findings is the growing focus on high-value targets by groups like Dark Angels. The group has been effective by seeking out a few multibillion-dollar companies and extracting large ransoms while avoiding attention from law enforcement, resulting in a record ransom payment of $75 million by a Fortune 50 company\u2014nearly double the previous highest known amount. 
ThreatLabz believes the Dark Angels strategy may influence other ransomware groups in 2025, leading to more focused attacks on big companies.<\/p>\n<h2 class=\"wp-block-heading\"><strong>New Industries Being Targeted<\/strong><\/h2>\n<p>There is also a shift happening in terms of which industries are targeted. Manufacturing, healthcare, and technology sectors remain top targets due to the critical nature of their operations. The energy sector, in particular, saw a 500 percent increase in attacks in the last year. These sectors are attractive to cybercriminals because disruptions can have severe consequences, making companies more likely to pay ransom quickly.<\/p>\n<p>Another factor in these verticals is the rise of IT \/ OT integration. In my discussions with IT leaders, particularly in healthcare and manufacturing, organizations are connecting non-IT devices to their networks at an unprecedented rate. Most of these devices do not have any inherent security capabilities, leaving the door wide open for a threat actor to come in and hijack the company\u2019s data, leading to a ransom demand.<\/p>\n<p>My research shows that the number of IoT devices will nearly double in the next five years, growing from 16B today to 30B.<\/p>\n<h2 class=\"wp-block-heading\"><strong>The Most Active Ransomware Groups<\/strong><\/h2>\n<p>Despite efforts by law enforcement, ransomware attacks continue to rise. The report found a 58 percent increase in companies exposed to data leak sites compared to the previous year. The U.S. accounted for nearly 50 percent of all attacks, followed by the UK, Germany, Canada, and France. However, these statistics don\u2019t fully represent the total number of ransomware incidents, as many go unreported or are settled privately.<\/p>\n<p>\u201cIn terms of the number of attacks,\u201d Stone-Gross said, \u201cthe U.S. increased more than 100 percent, so it\u2019s a prime target. U.S. 
businesses are falling victim to these attacks more than any other country by far.\u201d<\/p>\n<p>The most active ransomware groups between 2023 and 2024 were LockBit, BlackCat, and 8Base. ThreatLabz identified five ransomware groups with different approaches that will likely be dominant in 2024 and 2025:<\/p>\n<p><strong>Dark Angels:<\/strong> Targets a select few companies and steals large amounts of data before encrypting systems.<\/p>\n<p><strong>LockBit:<\/strong> Targets many victims through a large affiliate network using various ransomware variants.<\/p>\n<p><strong>BlackCat:<\/strong> Known for targeting multiple platforms until it shut down in March 2024; its evolving techniques will likely influence future operations.<\/p>\n<p><strong>Akira:<\/strong> This newer group has gained attention with its aggressive affiliate-driven model and a ransomware variant that\u2019s hard to detect.<\/p>\n<p><strong>Black Basta:<\/strong> This group has adapted to disruptions in its access networks by using social engineering tactics.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Ransomware Forecast<\/strong><\/h2>\n<p>Looking ahead, the report predicts more attacks on high-value targets, an increase in voice-based social engineering (\u201cvishing\u201d) attacks, and an increased use of <a href=\"https:\/\/www.eweek.com\/artificial-intelligence\/what-is-generative-ai\/\" target=\"_blank\" rel=\"noopener\">generative artificial intelligence<\/a> (AI) to create more convincing campaigns. <a href=\"https:\/\/www.eweek.com\/artificial-intelligence\/best-ai-voice-generator\/\" target=\"_blank\" rel=\"noopener\">AI-generated voices<\/a> with local accents are expected to make these attacks more effective and harder to detect.<\/p>\n<p>Ransomware attacks that focus on data theft rather than just encryption are also expected to rise. This approach allows criminals to operate more quickly and effectively, using the threat of data leaks to pressure victims into paying ransom. 
The healthcare sector will likely remain a prime target due to its valuable data and reliance on outdated systems.<\/p>\n<p>\u201cPreviously, ransomware groups would steal a few hundred gigabytes to maybe a terabyte of data,\u201d said Stone-Gross. \u201cNow, we\u2019re seeing tens of terabytes, up to a hundred terabytes of data. This is causing more pressure on companies to pay these large ransoms. We think that trend is going to continue.\u201d<\/p>\n<h2 class=\"wp-block-heading\"><strong>Combating Ransomware<\/strong><\/h2>\n<p>Stone-Gross said companies can take preventive measures to strengthen their cybersecurity strategies and stay informed on emerging threats. For example, <a href=\"https:\/\/www.eweek.com\/security\/wrong-ways-and-right-ways-to-implement-two-factor-authentication\/\" target=\"_blank\" rel=\"noopener\">multifactor authentication (MFA)<\/a> can add an extra layer of security, making it harder for unauthorized users to gain access. Meanwhile, keeping software up to date and applying the latest security patches as soon as they are available helps address existing weaknesses.<\/p>\n<p>\u201cMake sure you have network monitoring, endpoint monitoring, and an end-to-end layered approach,\u201d he said. \u201cIn addition to that, we recommend a zero trust architecture. Many companies that are falling victim to these attacks have flat networks. Someone authenticates with a VPN and has free range to access from there. With zero trust, you minimize your exposure. You can\u2019t attack what you can\u2019t see.\u201d<\/p>\n<p>Additionally, by enforcing least-privileged access, organizations can ensure that users only have access to resources for their specific roles. AI-powered network monitoring tools can examine user behavior and adjust access privileges. 
Together, these tools can prevent cybercriminals from escalating their access and moving deeper into the network.<\/p>\n<p>There is a rule of thumb that security pros should keep in mind: complexity is the enemy of good security. Hybrid work, <a href=\"https:\/\/www.eweek.com\/news\/cloud-and-ai\/\" target=\"_blank\" rel=\"noopener\">cloud computing<\/a>, mobile phones, and AI have all made the environment exponentially more complex and impossible to secure using old-school methodologies. Ransomware isn\u2019t going away, so security leaders need to ensure that company data is protected as well as possible with up-to-date security technologies.<\/p>\n<p><strong>Read about <a href=\"https:\/\/www.eweek.com\/artificial-intelligence\/generative-ai-and-cybersecurity\/\">generative AI and cybersecurity<\/a> to learn more about how companies use AI to protect their infrastructure.<\/strong><\/p>\n<p>The post <a href=\"https:\/\/www.eweek.com\/security\/ransomware-attacks-reach-record-high-payments-soar\/\">Ransomware Attacks Reach Record Highs: Demands and Payments Continue to Soar<\/a> appeared first on <a href=\"https:\/\/www.eweek.com\/\">eWEEK<\/a>.<\/p>","protected":false},"excerpt":{"rendered":"<p>As IT complexity continues to rise, businesses are facing an increasingly challenging cybersecurity environment. Ransomware attacks have increased nearly 18 percent over the past year, according to a new report released by Zscaler\u2019s security research arm, ThreatLabz. This surge in activity has significantly disrupted business operations, causing prolonged downtime, data loss, and costly recovery efforts. 
[&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[],"class_list":["post-160","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/160"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=160"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/160\/revisions"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=160"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=160"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=160"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}