The state of ransomware in 2023 and how digital currency fuels cyberattacks
By Parag Khurana
Ransomware was a major cybersecurity threat in 2022, causing widespread damage to individuals and organizations globally. For example, India has seen one of the biggest ransomware attacks when the servers of All India Institute of Medical Sciences (AIIMS) were targeted last year. Barracuda’s recent research finds the volume of ransomware threats that SOC team detected spiked between January and June 2022 to more than 1.2 million per month. This trend is expected to persist in 2023, where ransomware gangs will become smaller and smarter.
With the emergence of ransomware-as-a-service, cybercriminals have made it easier to execute attacks. At the same time, ransomware attacks are also fueled by cryptocurrency as research finds. Considering the rapid growth in the perceived value of cryptocurrency, attackers would demand payment in cryptocurrency such as Bitcoin. And more importantly, it is unregulated and difficult to trace. This can make it challenging for law enforcement agencies to track down the attackers or the funds received as ransom.
Over time, cybercriminals have introduced new techniques to their ransomware attack, including countdown timers, incrementally increasing ransom amounts, and alternative payment platforms. We see double extortion trend emerged in 2021, where attackers steal sensitive data from victims and demand payment in exchange for a promise to not publish or sell the data to other criminals. In 2023, with the ransomware-as-a-service business model taking off and ransomware gangs like LockBit 3.0, Conti, and Lapus$ are making news headlines, organizations will experience an increased frequency of ransomware attacks with new tactics.
Attackers have also expanded their targets to include larger operational systems, such as hospital networks and transportation service providers. Education (15%), municipalities (12%), healthcare (12%), infrastructure (8%), and financial (6%) are the dominant targets found by a cloud-first security solution provider. As more devices become connected to the internet, we can expect to see ransomware increasingly targeting beyond just computers and servers in the future.
While paying the ransom may unlock…
