Ransomware continues to grow in prevalence, impacting critical infrastructures and organizations across the globe. This type of malicious software is used by cybercriminals to elicit a “ransom” in return for gatekept files, stolen data, and other important or sensitive data. The Information Technology - Information Sharing and Analysis Center (IT-ISAC) has been monitoring ransomware incidents and trends through its ransomware tracker since 2021, recording over 2,900 attacks globally in 2023 alone.
Earlier this year, the IT-ISAC released a ransomware report titled Exploring the Depths: An Analysis of the 2023 Ransomware Landscape and Insights for 2024. The report has been updated quarterly to address any changes in attacks or players in the space. In the report's initial release, the Information Technology sector was targeted in 9.3% of the attacks seen in 2023. However, fast forward to Q2 of 2024, the attacks against the information technology sector dropped to 6.9% of all attacks. Based on these attacks, we found that the top 5 cyber groups targeting the sector were:
LockBit 3.0
Hunters
Inc Ransom
Arcus Media
8Base
Luckily enough, this trend of a lowered number of ransomware attacks was seen across the board and not unique to only the IT sector for the first half of 2024.
The ransomware landscape began to change at the end of 2023, which could be the reason behind the declining attacks. In December of 2023, there was a law enforcement takedown of the group BlackCat/ALPHV, causing disruption to one of the most notorious ransomware gangs. This action was followed by another law enforcement takedown of the LockBit group, including agencies from 10 countries, in February 2024. Both of these groups were historically the top ransomware perpetrators of attacks across critical infrastructures.
Although the Q2 analysis for this year shows fewer ransomware attacks across the board, and there have been notable disruptions to the larger ransomware players, this doesn’t mean you should lower your guard or lessen your security posture. It is important to always be vigilant; ransomware actors and groups continue to exploit (or attempt to exploit) existing vulnerabilities among other tactics. The Q2 report outlined that the initial access vectors used were as follows:
Exploitation of Known Vulnerabilities - 42%
Phishing - 28.5%
Other (Valid Accounts, External Remote Services, etc.) - 29.5%
Stay Safe and Protected
Mitigation steps and best practices are crucial to helping defend against ransomware attacks. Below are some of the initial steps you can take to bolster resilience.
Keep your information backed up.
Regularly update and perform maintenance.
Have an incident response plan ready (and don’t forget to test it).
Test your security with a third party.
Segment your networks.
Thoroughly train your staff.
Level up your security with MFA.
To view the full detailed list of tips, check out the 2023 report, along with the Q1 and Q2 analysis.
コメント