There has been a steep increase in ransomware threats in 2022, and it is not likely to slow down any time soon. Ransomware is becoming a major part of the IT landscape, challenging IT security every day.
Traditionally, ransomware attacks encrypted your files and demanded a ransom to give you your data back. The trends are changing now. Ransomware groups have formed. These groups start with access brokers, who sell initial access to compromised machines and networks to ransomware groups. This makes the groups' work faster and easier, and lets them focus on developing more threats and negotiating the ransom.
Operations through Ransomware Groups
The next new trend is a diverse set of specialized groups, each working on a different piece of the ransomware attack lifecycle. Developers are acquiring additional skills to execute a successful attack. Ransomware actors develop and sell various parts of the attack chain: network access, compromised credentials, cash-out services, and more. Mechanisms have been developed to settle disputes between cybercriminals. Arbitration services let the threat purchaser file for compensation if malware authors fail to meet the SLAs.
Data exfiltration is the new focus area for attackers. Data exfiltration, also called data extrusion, data exportation, or data theft, is the unauthorized transfer of data from one computer to another device. It is generally performed by cybercriminals in targeted attacks, with the intent of gaining access to a network or a machine to locate and copy specific data.
Attackers can extort money directly or sell your exfiltrated data by placing usernames and passwords for sale on a darknet forum.
In double-extortion attacks, threat actors hold your data for ransom and also threaten to publish it. This is the new trend, and the threat intelligence company Digital Shadows has uncovered 11 such new extortion groups in 2022.
Reasons for the Increase in Ransomware Attacks
The remote workforce is another key contributor to the rise in attacks. According to data governance company Varonis, ransomware attacks have increased 148% this year over the last due to the rise in remote work. Attackers have started using coronavirus-themed emails for phishing attacks on remote office workers' systems. The home network sits outside the enterprise network and is relatively less secure. The increased attacks on the remote workforce had more to do with spammers than with ransomware attackers. These attacks simply flourished and provided low-level cybercriminals with an easy avenue into the underground market.
Internet of Things
The Internet of Things could be another target. Embedded devices handle a variety of tasks that support the day-to-day functioning of many critical businesses. Attacks on such devices and services have the potential to cause severe consumer pain and can help extract an easy ransom. Once these become common, threat actors can easily access an organization's networks and demand to be paid for not attacking. This could be another way of demanding ransom, probably without damaging or leaking your information. Sophisticated ransomware actors avoid using software tools because they can trigger alerts that could give an early warning and help extract a ransom.
Cloud adoption and SaaS applications
SaaS applications could soon be another target. Most attacks currently are on on-premise applications. With the increase in cloud adoption, developers and attackers are looking for opportunities to attack the data stored in SaaS applications.
Ransomware is here and has been for some time. In the coming years, it is going to grow. Organizations need to create not only a defensive but also an offensive strategy to take the threats head-on.
Regular password rotation, rotating access keys, using non-standard ports, enabling multi-factor authentication, and keeping updated backups on a different network are some of the quick ways to safeguard yourself.
You can rely on Ace Data backup as a service, which provides 24x7 monitoring and protection against ransomware with secure AI-based bidirectional scanning of data being backed up and recovered. It prevents zero-day attacks attempting to penetrate backup and recovery streams.