Ransomware’s New Playbook: Targeted Attacks, Increased Accessibility, and the Importance of Backups

Stay informed of the changing threat landscape and provide the solutions and services that your clients need to defend against ransomware attacks.

Ransomware has grown to be one of the most significant cyberthreats, and ransomware groups are constantly innovating to launch new types of attacks that exploit vulnerabilities and catch users off-guard. Ransomware groups had their best year in 2023, claiming more than 4,300 victims, a 55 per cent increase over 2022. In 2024, expect to see more targeted attacks aimed at specific industries, large companies and government entities. However, technology solutions providers (TSPs) must also protect their own organisations from ransomware.

Why Ransomware Attacks Are Increasing

The reason that ransomware has become a prevalent type of cyberattack is simple: It’s big business. Ransomware groups received USD 1.1 billion in 2023, nearly doubling the previous year’s total of USD 567 million. High-value targets like British Airways and BBC grabbed the headlines, but numerous smaller organizations also fell victim. One attack that impacted small enterprises began by exploiting the file transfer service MOVEit.

Another reason ransomware attacks are ubiquitous is that they’ve become easier to orchestrate. Ransomware as a Service (RaaS) provides the means for conducting cyberattacks systematically.

 

Furthermore, by harnessing the power of artificial intelligence (AI), cybercriminals are increasing the speed of attacks, often able to launch an attack within 24 hours of discovering a vulnerability. Considering that organisations can take 60 days to patch critical risk vulnerabilities, ransomware groups appear to have the upper hand.

Another growing trend fuelling ransomware risk is hackers’ preference for software supply chain attacks. In these attacks, cybercriminals target one of your trusted vendor partners, injecting malicious code into the software you use or that you provide to your customers.

One of the most famous examples of this was the SolarWinds hack that impacted organizations around the world in 2020. In this attack, hackers gained access to networks of more than 30,000 SolarWinds Orion customers, including U.S. government agencies. The malware used in the attack also gave hackers access to Orion users’ customer and partner networks, expanding the potential victim list even more. Ransomware groups can use this model to maximise the return of one attack by impacting many businesses and organizations.

What Lies Ahead

Although the direction of ransomware groups isn’t totally predictable, they’re likely to follow the path of least resistance and target victims with resources to pay large ransoms. Trends going into 2024 included ransomware groups targeting business services and manufacturing. Additionally, the World Economic Forum points out that data exfiltration, not just holding data for ransom, is now involved in more than 77 per cent of attacks, up from just 40 per cent in 2019. Unfortunately, this also meant a rise in the proportion of companies paying ransom, up from 10 per cent in 2019 to 54 per cent in 2022.

How to Respond to the Changing Ransomware Landscape

One of the challenges that enterprises and organizations face in creating a cybersecurity strategy is the shortage of skilled professionals. Gartner predicts that a lack of cybersecurity talent or human failure will be the cause of half of all cyber incidents by 2025. Working with technology solutions providers (TSPs) with security expertise can give enterprises and organizations a way to ensure systems are patched and updated and the right antimalware, firewall, and other security technology are in place and configured correctly. You can also help your clients segment their networks to prevent ransomware from spreading to other systems and implement email protection as a safeguard against phishing attacks that deliver ransomware.

Another important safeguard is backing up data. Although it can’t stop the harm caused by data exfiltration associated with these attacks, it can ensure that data remains accessible and uncorrupted. A smart approach is to use the 3-2-1 rule: make three backup copies, on at least two different types of media, with one offline. As an added protection, you can ensure one of the copies is immutable (can’t be changed) and ensure that there are no errors when you test backups for recoverability.
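The 3-2-1 rule and the recoverability test described above can be checked automatically. The following is an added example, not code from the original article: it audits a backup inventory against the rule and compares SHA-256 digests of test-restored files with the source. The `BackupCopy` structure, the copy names and the sample file contents are constructed for illustration.

```python
import hashlib
from dataclasses import dataclass

@dataclass
class BackupCopy:
    name: str
    media: str        # e.g. "disk", "tape", "object-storage"
    offline: bool     # not reachable from the production network
    immutable: bool   # write-once, cannot be changed after creation
    restored: dict    # path -> bytes returned by the latest test restore

def manifest(files):
    """SHA-256 digest per file, used to compare a restore with the source."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}

def restore_errors(source_manifest, copy):
    """Paths that are missing or differ after restoring from this copy."""
    got = manifest(copy.restored)
    return sorted(p for p, digest in source_manifest.items() if got.get(p) != digest)

def audit(source_files, copies):
    """Return findings against the 3-2-1 rule plus the two added protections."""
    findings = []
    if len(copies) < 3:
        findings.append("fewer than three backup copies")
    if len({c.media for c in copies}) < 2:
        findings.append("fewer than two types of media")
    if not any(c.offline for c in copies):
        findings.append("no offline copy")
    if not any(c.immutable for c in copies):
        findings.append("no immutable copy")
    src = manifest(source_files)
    for c in copies:
        bad = restore_errors(src, c)
        if bad:
            findings.append(f"{c.name}: restore test failed for {', '.join(bad)}")
    return findings

# Constructed sample data: two source files and three backup copies.
SOURCE = {"ledger.db": b"balance=1042", "orders.csv": b"id,qty\n1,5\n"}
COPIES = [
    BackupCopy("nas-nightly", "disk", False, False, dict(SOURCE)),
    BackupCopy("tape-weekly", "tape", True, False,
               {"ledger.db": b"balance=1042", "orders.csv": b"id,qty\n1,"}),  # truncated
    BackupCopy("cloud-locked", "object-storage", False, True, dict(SOURCE)),
]

if __name__ == "__main__":
    for finding in audit(SOURCE, COPIES) or ["3-2-1 checks passed"]:
        print(finding)
```

In this sample the inventory satisfies the copy, media, offline and immutable checks, but the tape copy fails its restore test, which is the kind of error that only surfaces when restores are actually exercised.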

You can also provide value to your clients by offering training for their employees. Keep in mind that security awareness training is as much about culture as it is about systems. Continually educating anyone who has access to an organisation's data keeps security front of mind any time someone encounters a scenario that might give cybercriminals access to data or networks.

IoT security should also be addressed. Any unsecured “things” can easily become a vector for cyberattacks and ransomware. Ensure default usernames and passwords are removed from IoT devices, use network segmentation to keep devices away from other IT assets, and use monitoring and intrusion detection tools to keep close watch on devices.

Finally, it’s imperative you help your customers manage and protect their mobile devices, including those used to scan barcodes and RFID tags. As more data is collected in the field, protecting mobile devices from malware is critical to protecting the overall health of an organisation’s IT infrastructure.

In the current risk climate, your clients need a skilled and trusted partner. Your expertise can help them decrease their risks and recover data if a cyber incident occurs. Watch the evolving ransomware and vulnerability landscapes, keep your clients’ systems current, work with supply chain partners to stay vigilant, and provide the solutions and services your clients need to mount a strong defence.