Tag Archive for: increase

Singapore Records Highest Increase in Ransomware Attacks in 2023, According to Sophos


Sophos on Wednesday released its annual “State of Ransomware 2023” report, which found that the rate of ransomware attacks on Singaporean organisations increased considerably in 2022: 84 per cent of organisations surveyed said they were a victim of ransomware, compared with 65 per cent the year before. This increase meant that Singapore reported the highest rate of ransomware attacks of all countries surveyed this year.

In 61 per cent of attacks on surveyed organisations, adversaries succeeded in encrypting data, and 53 per cent of those who had data encrypted paid the ransom to get their data back. This is up from 48 per cent last year and higher than the global average of 47 per cent.

On a global scale, the survey also shows that when organisations paid a ransom to get their data decrypted, they ended up doubling their recovery costs (US$750,000 in recovery costs versus US$375,000 for organisations that used backups to get data back). Moreover, paying the ransom usually meant longer recovery times, with 45 per cent of those organisations that used backups recovering within a week, compared to 39 per cent of those that paid the ransom.

When analyzing the root cause of ransomware attacks, the most common was an exploited vulnerability (involved in 43 per cent of cases), followed by compromised credentials (involved in 26 per cent of cases). This is in line with recent, in-the-field incident response findings from Sophos’ 2023 Active Adversary Report for Business Leaders.

Data for the State of Ransomware 2023 report comes from a vendor-agnostic survey of 3,000 cybersecurity/IT leaders conducted between January and March 2023. Respondents were based in 14 countries across the Americas, EMEA and Asia Pacific and Japan. Organisations surveyed had between 100 and 5,000 employees, and revenue ranged from less than US$10 million to more than US$5 billion.

Source: https://www.sophos.com/en-us/content/state-of-ransomware

Chester Wisniewski, field CTO, Sophos

Rates of encryption are very high, which is certainly concerning. Ransomware crews have been refining their methodologies of attack and accelerating their attacks to reduce the time for defenders to…

India saw 53% increase in ransomware attacks in 2022: CERT-In, ET CIO


India saw a 53 per cent year-over-year increase in ransomware incidents in 2022, with IT and ITeS the most affected sector, followed by finance and manufacturing, India’s national cyber agency CERT-In has said in its latest report.

Ransomware players targeted critical infrastructure organisations and disrupted critical services in order to pressurise and extract ransom payments in 2022, according to the “India Ransomware Report 2022”.

“Variant wise, Lockbit was a majorly seen variant in the Indian context followed by Makop and DJVU/Stop ransomware. Many new variants were observed in 2022 such as Vice society, BlueSky etc,” said CERT-In.

Last year, a massive ransomware attack disrupted the systems at the All India Institute of Medical Science (AIIMS), crippling its centralised records and other hospital services.

According to the CERT-In report, at the large enterprise level, the Lockbit, Hive, ALPHV/BlackCat and Black Basta variants became major threats, whereas Conti, which was very active in the year 2021, became extinct in the first half of the year 2022.

“Makop and Phobos ransomware families mainly targeted medium and small organisations. At individual level, Djvu/Stop variants continued dominance in attacks over the past few years,” the report said.

Most of the ransomware groups are exploiting known vulnerabilities for which patches are available.

Some of the product-wise vulnerabilities being exploited are in tech companies like Microsoft, Citrix, Fortinet, SonicWall, Sophos, Zoho and Palo Alto, said the report.

“Ransomware gangs are commonly using Microsoft Sysinternals utilities such as PsExec for lateral movements,” it added.

On average, the restoration time is about 10 days for infections in reasonably large infrastructure networks.

“For smaller networks/infrastructure, the restoration time is around 3 days and for individual systems it is 1 day,” the CERT-In report noted.

Ransomware gangs are becoming innovative in their approach to improve attack operational efficiency.

“Ransomware builders are focusing on speed and performance. Instead of encrypting the entire file, a portion of the file is getting targeted for encryption…

Report: Endpoint ransomware detections increase 627%


Report: Endpoint ransomware detections increase 627% | Security Magazine

National Cybersecurity Center reports increase in ransomware a…


AMMAN — Bassam Maharmeh, the president of the National Cybersecurity Center, announced on Friday that the number of cybersecurity
incidents targeting government institutions and vital sectors in Jordan last
year reached 1,326.

Maharmeh added that 2 percent of these attacks were deemed
“very dangerous,” Al-Mamlaka TV reported.

Maharmeh also noted that there had been a significant increase
in ransomware attacks during the second half of last year. Ransomware is a type
of malicious software that threatens to publish the victim’s data or block
access to it unless a ransom is paid.

Report to follow

The National Cybersecurity Center is responsible for protecting government networks
and vital sectors, such as communications, electricity, and national
security-related sectors, from cyberattacks, said Maharmeh.

He added that the center will soon publish a detailed report on
the most prominent cybersecurity incidents that occurred in Jordan last year.

Vulnerabilities in VMware ESXi systems

Earlier this year, the center warned of a security vulnerability that may expose
devices to ransomware attacks.

The center explained that the security vulnerability affects systems running
VMware ESXi, allowing ransomware programs such as “ESXiArgs” to exploit the
vulnerability and encrypt sensitive data, demanding a ransom payment in exchange
for the decryption key.

As a preventative measure, the center advises users of systems running
VMware ESXi to update to the latest version as soon as possible to
address this security vulnerability and protect their systems from ransomware
programs.

Additionally, the center recommends implementing strong access
controls and authentication procedures, regularly backing up important data and
storing backups off-site, and training employees on best cybersecurity
practices.
