Ransomware Operators Widen Strategies, Going Beyond Data Scrambling and Theft
A comprehensive survey of 2000 senior security decision-makers has revealed the extent and impact of ransomware attacks on organizations. The study, conducted across various industries and countries, found that over half (57%) of the organizations surveyed experienced a successful ransomware attack in the past 12 months.
One of the most concerning findings is the lack of integration between organizations' tools. Sixty-one percent (61%) of respondents stated that their tools don't integrate, which causes visibility issues and creates blind spots where attackers can hide undetected.
The top impact of ransomware attacks, according to the respondents, is damage to their brand and reputation (41%). Recovery costs (36%) and losing sensitive data (34%) are also significant concerns for victims. Interestingly, only a quarter (24%) of ransomware incidents involve the encryption of data, indicating that attackers have expanded their tactics beyond data encryption and exfiltration.
Ransomware actors have been found to threaten staff in 16% of incidents, while around a third (32%) of victims have paid the attackers to recover or restore data. This number rises to 37% among organizations affected twice or more. However, it's disheartening to note that of those that paid, 41% failed to recover all their data.
The study also revealed that downtime is experienced by 38% of ransomware victims. Moreover, 26% of ransomware incidents infect multiple endpoints such as computers or servers. In addition, 37% of ransomware incidents involve wiping backups and/or deleting shadow copies of files, making data recovery even more challenging.
Threats to alert the authorities and/or the press (21%) and to partners, shareholders, or customers (22%) are also common tactics used by ransomware actors. Attackers threatened to file regulatory complaints against victim organizations in 47% of cases, according to a report by Semperis.
Notably, the ransomware group Warlock operates primarily via ransomware-as-a-service (RaaS) and mainly focuses on deploying ransomware, with no other specified activities beyond data encryption and exfiltration. However, other groups like Devman and Nightspire prominently use double extortion, combining encryption with data theft and the threat of data leaks.
On a positive note, around two-thirds (65%) of organizations were able to restore data from backups following a successful ransomware attack. However, 74% of repeat ransomware victims complained that they are juggling too many security tools, suggesting a need for more integrated and effective solutions.
The findings of this study underscore the urgent need for organizations to strengthen their cybersecurity measures and prepare for the evolving tactics of ransomware attackers.