Tag Archive for: Ransomware

Organizations Likely to Experience Ransomware Threat in the Next 24 Months, According to Info-Tech Research Group


Security leaders must build resiliency against these complex attacks immediately. 

TORONTO, Jan. 23, 2023 /PRNewswire/ – Cyberattacks, especially ransomware, are becoming more sophisticated and more frequent, with more severe impacts, year over year. These attacks can quickly encrypt systems and steal sensitive data, making data recovery challenging for organizations. Although there is much concern about the ransomware threat, corporate executives are not yet willing to spend on solutions without clear evidence of the improvements being made. To help IT leaders improve their organization’s ability to prevent incursions and defend against ransomware attacks in the current climate, global IT research and advisory firm Info-Tech Research Group has published a new research-backed industry blueprint, titled Build Resilience Against Ransomware Attacks.

Ransomware is a high-profile threat that demands immediate attention, as it is a much more complex security threat than other types of attacks. Malicious actors have also developed increasingly sophisticated methods to pressure organizations into paying ransoms. These emerging strains can exfiltrate, encrypt, and destroy data and backups in hours, making data recovery a grueling challenge.

“As ransomware attacks become more frequent and impactful, organizations need to focus on building resiliency to withstand these attacks instead of solely relying on response and recovery,” says Michel Hébert, research director at Info-Tech Research Group. “The process of building resilience is like climbing a mountain, requiring time, planning, and help from others to overcome challenges and work through problems.”

Info-Tech’s findings show that organizations often misunderstand the risk scenarios associated with ransomware attacks, which can lead to underestimating the potential impact of an attack. The cost of a ransomware attack goes beyond just the ransom, with four key areas driving recovery costs: detection and response,…


Ransomware Revenue Drops Amidst Less Successful Extortion Attempts: Chainalysis


2022 has been a turbulent year. One good thing to come out of it: ransomware earnings are significantly down.

Attacks on the crypto industry remain rampant. However, data suggests that victims are increasingly refusing to pay ransomware attackers. Blockchain analytics company Chainalysis, in a new report, shed light on the changing dynamics in the ransomware industry.

Zooming in on Ransomware Attacks 2022

It found that over 10,000 unique strains were active in the first half of the year alone, a trend that was also confirmed by on-chain data. In comparison, around 5,400 unique strains were recorded as active over the same period of 2021. The number of active strains has increased substantially in recent years; however, a major portion goes to a small group of strains at any given time.

Lifespans of ransomware have slid in 2022. In fact, the average ransomware strain was found to be active for just 70 days, down from 153 in 2021 and 265 in 2020. Most attackers funnel the extorted funds to mainstream centralized cryptocurrency exchanges; the share of funds sent to such exchanges surged from 39.3% in 2021 to 48.3% in 2022.

On the other hand, ill-gotten funds being moved to high-risk exchanges fell from 10.9% to 6.7%. A similar declining trend was seen in the usage of illicit services such as darknet markets for ransomware money laundering. However, the usage of coin mixers for the same purpose has increased from 11.6% to 15.0%.

Less Frequent Ransom Payments

Chainalysis stated that the estimate for 2022’s total ransomware revenue fell by 40.3%, to at least $456.8 million in 2022 from $765.6 million in 2021. The drop is substantial and reflects an increasing unwillingness among victims to pay ransomware attackers, not a decline in the actual number of attacks.

While asserting that ransomware continues to be a major cyber threat to businesses and enterprises, Michael Phillips, Chief Claims Officer of cyber insurance firm Resilience, noted:

“There have, however, been signs that meaningful disruptions against ransomware actor groups are driving lower than expected successful extortion attempts.”

Especially over the past four years, the probability of victims paying a…


Why Is LockBit Ransomware Group So Prolific?



Also: Netskope’s SASE Vision; The Compassionate CISO

Clockwise, from top left: Anna Delaney, Mathew Schwartz, Michael Novinson and Tom Field

In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity and privacy issues, including why being a CISO is like being the first family doctor in a small village, why you can’t trust ransomware gangs such as LockBit, and why cloud security vendor Netskope took on $401 million in debt from Morgan Stanley to fuel its SASE offering.



The panelists – Anna Delaney, director, productions; Mathew Schwartz, executive editor of DataBreachToday and Europe; Michael Novinson, managing editor of business; and Tom Field, senior vice president, editorial – discuss:


  • Highlights from an interview with Aleksandr Zhuk, CISO of cryptocurrency broker sFOX, on why being a CISO is like being the first family doctor in a small village;
  • How the world’s most prolific ransomware group, LockBit – which has been linked to a cyberattack that targeted Britain’s national postal service, Royal Mail – displays an attitude of “profit at any cost”;
  • Why cloud security vendor Netskope has taken on more than $400 million in debt to further develop its SASE platform and expand its go-to-market activities.

The ISMG Editors’ Panel runs weekly. Don’t miss our previous installments, including the Jan. 6 edition, which discusses the complexity of the Rackspace zero-day attack, and the Jan. 13 edition, which discusses the impact of…


Daixin ransomware poses critical threat to healthcare, says AHA cyber chief


The American Hospital Association’s senior advisor for cybersecurity said the Daixin ransomware poses a significant risk to the healthcare sector. (U.S. Air Force)

Reports consistently note the rising risk to patient safety after a ransomware attack. But the most pressing variant facing healthcare is Daixin, a technologically advanced, stealthy, and long-lasting malware attributed to China, according to the American Hospital Association’s Senior Advisor for Cybersecurity and Risk, John Riggi.

Riggi spoke to sector leaders during a University of California San Francisco Stanford Center of Excellence in Regulatory Science and Innovation discussion on Tuesday, outlining the risk areas providers should be working to address into the foreseeable future.

He also had a stern warning for provider organizations still dragging their feet on implementing multi-factor authentication across the enterprise, particularly as threat actors continue to target critical infrastructure and supply chain partners in force.

“If we’re not doing MFA at this point, it would be hard to defend both civilly and regulatory the actions against you as it is a very, very basic technique at this point,” said Riggi. “The White House has implored us to implement basic cybersecurity procedures, which alone at a very low cost could prevent a significant portion of ransomware attacks.”

MFA should be at the top of the list for securing all remote access points into the organization, as the threat of ransomware and other cyberattacks continues to plague the sector and cyber insurance becomes less and less of a guarantee, he added.

Versions of Daixin have been used in attacks in various forms over the last decade, with researchers observing a resurgence of a refined variant in February 2022. Symantec described the threat “as the most advanced piece of malware” they’d ever seen from China-backed attackers. Daixin is used both in “smash-and-grab operations” and for stealthy operations.

The most prevalent goal of these attacks appears to be espionage: the malware hijacks a legitimate TCP/IP service and listens on port 80 for traffic patterns it can interpret as commands.

In healthcare, Daixin has claimed multiple victims that…
