Tuesday, April 1, 2025

Ransomware’s Gateway: A Glimpse of Hope as Encryption Prices Drop

While it’s premature to declare the ransomware crisis subsiding, a recent report from Microsoft reveals a glimmer of hope amidst the prevailing uncertainty. 

That glimmer of hope comes despite the alarming statistic that 389 US-based healthcare organizations fell victim to ransomware attacks last year, a staggering average of one per day.

The 114-page report provides insights into various aspects of the cybersecurity landscape, including AI safety concerns, denial-of-service attacks, phishing tactics, social engineering schemes, and nation-state threats that pose significant risks to organizations. 

Notably, a key takeaway from the report is that the incidence of ransomware attacks successfully encrypting data has declined by a staggering 300% over the past two years. 

According to Microsoft’s analysis team, a significant decline in ransomware attacks could be linked to advancements in attack disruption technologies, which potentially mitigate the impact of an attack before it can cause maximum damage. 

If a ransomware attack is stopped at the point where it tries to encrypt an organisation's data, it seems logical that attackers could opt to abandon their encryption efforts altogether, thereby avoiding any security measures that the attempted encryption would have triggered.

As encryption payloads become increasingly unreliable and counterproductive, ransomware groups are redirecting their focus towards intellectual property theft and extortion schemes. 

Many corporations have discovered that falling victim to this strategy can be just as detrimental as having their servers encrypted, as it may irreparably harm a company’s business model and reputation, leading to significant financial losses stemming from misguided investments and regulatory fines.

As a result, companies would do well to consider the possibility of being targeted by a ransomware group. 

According to a recent report, when ransomware attacks resulted in the extraction of a ransom payment from an affected company, in nearly 92% of cases, the initial breach was facilitated by unpatched or unmonitored devices within the victim’s network. 

Organisations can benefit by either excluding unmanaged devices from their network or enrolling them in management systems to ensure secure and efficient operations. 

“The most prevalent initial access techniques continue to be social engineering – specifically email phishing, SMS phishing, and voice phishing – but also identity compromise and exploiting vulnerabilities in public-facing applications or unpatched operating systems,” said Microsoft corporate vice president of customer security & trust, Tom Burt.

Notably, an analysis suggests that nation-states like Russia, Iran, and North Korea are increasingly collaborating with hacking groups in unprecedented ways – potentially leveraging these partnerships to gather intelligence, foment political unrest, or finance their nations’ military and economic objectives. 

As examples, Israeli online dating platforms were compromised by Iranian-linked hackers who threatened to leak sensitive information; Russian cybercriminals infiltrated devices used by Ukraine’s military; Iran allegedly breached Donald Trump’s presidential organization, and a Chinese-backed disinformation campaign was designed to influence US congressional elections. 

The proliferation of cybercrime has been further compounded by certain countries turning a blind eye to criminal gangs operating within their jurisdictions, as long as their attacks are directed at foreign-based targets, thereby perpetuating a threat that affects internet users worldwide. 

According to Microsoft, the most notorious ransomware gangs include names whose malevolent exploits will be familiar to readers of Tripwire’s blog:

To help prevent a successful ransomware attack in your organization, consider implementing the following measures:


 
