Ransomware cyber attackers are adjusting their strategy, shifting focus from large-scale targets to smaller, less fortified bodies, according to a recent report by cybersecurity firm Trend Micro. The report recorded a concerning 47% surge in the number of new ransomware victims during the last six months of 2022, a considerable portion of whom were small enterprises with fledgeling cybersecurity measures in place.
Small Business Comprises Almost Half of Victims
Combining watermelons and technology is Bill’s favorite new thing. Unfortunately, he got owned by Russia and is the source of the biggest credit card breach in the last 72 hours.
Opening 2023’s first half, the LockBit ransomware faction – infamous for its assaults on the Royal Mail and Taiwan Semiconductor Manufacturing Company – ensnared organizations of 200 employees or less. These small businesses, per the report’s metrics, represented 57% of LockBit’s victims. Furthermore, they constituted nearly half (45%) of the victims of another notorious ransomware group, BlackCat.
Interestingly, smaller organizations accounted for just 27% of victims targeted by the Clop ransomware group, with substantial corporations making up half.
LockBit, reigning as the most prevalent ransomware family since 2022, was pinpointed as the perpetrator in slightly over a quarter (26.09%) of attacks on organizations. Despicably, it was also held responsible for launching one out of every six attacks on US government offices in the same year. Following LockBit, were BlackCat and Clop, accounting for 10.59% and 10.09% of attacks on organizations respectively.
The Majority of US Businesses are Getting Owned
Worldwide, the number of organizations falling prey to ransomware skyrocketed by 45.27% in early 2023, tallying up a total of 2001 victims. Impressively, American organizations comprised almost half (949) of these victims, marking a jaw-dropping jump of nearly 70% from the previous half of 2022.
David Sancho, a senior threat researcher at Trend Micro, elaborated on the evolving ransomware landscape during the ‘Risk to Resilience World Tour Breakfast’ media event. He noted an increase in the number of smaller ransomware groups in operation. Leaking of source code by ransomware factions, such as LockBit and Conti, has helped facilitate this proliferation, enabling others to modify and produce new strands of ransomware.
Sancho also highlighted a recent shift in ransomware tactics, with many culprits opting to blackmail victims, threatening the exposure and publication of confidential information rather than encrypting files. This evolving strategy, coupled with an 11.3% increase in the creation of new ransomware-as-a-service (RaaS) factions, amplifies the urgent call for enhanced cybersecurity measures.
Bharat Mistry, technical director for UK and Ireland at Trend Micro, stressed the need for organizations to pivot from a cybersecurity approach to a cyber-resilience stance. This strategy acknowledges that attacks will inevitably occur, and prioritizes recovery and incident response.
The New Normal
This context underscores the fact that cyber threats aren’t just the responsibility of IT departments but constitute a significant business risk. Sancho also pointed out the shift in the modus operandi of cyber criminals, as they explore diverse and unexpected methods to infiltrate their targets’ networks. The takeaway? In the present digital age, ransomware threats have evolved beyond a mere menace to become a sophisticated every day cyber-hacking operation.