Few cyber threats create as much anxiety among security teams as ransomware attacks. Anxieties over ransomware threats are so high that 74% of IT decision makers actually believe ransomware should be considered a matter of national security, due to the use of double and triple extortion techniques.
However, GuidePoint Research and Intelligence Team’s (GRIT) newly released quarterly ransomware threat report has found that the number of ransomware victims actually decreased 34% in Q2 from Q1.
While this is a welcome reprieve for security teams, the report suggested that the reason for the decrease is the reorganization of the Conti cyber gang and Lockbit’s release of its 3.0 ransomware-as-a-service (RaaS) offering.
As a result, Drew Schmitt, principal threat analyst at GuidePoint Security and ransomware negotiator, notes that “this does not appear to be a part of a larger trend of ransomware slowdown as Q3 has begun with large upticks in posting rates and four new ransomware groups being added to the ransomware threat landscape.”
The threat of ransomware today
In addition to the drop in ransomware attacks, the research also revealed that the U.S. was the country most impacted by ransomware, and highlighted the top 4 cyber gangs by number of publicly posted victims as Lockbit2, Alpha, Conti and Blackbasta.
Despite the drop in ransomware in this quarter, security teams need to be prepared for an increase in the level of threats in the latter half of this year.
Now, with Lockbit2 relaunching as Lockbit 3.0, it appears likely the RaaS economy will continue to grow. As Schmitt notes in the official announcement, “we expect to see an uptick of Lockbit 3.0 activity and potentially other restructuring and consolidation in affiliate-based ransomware operations.”
If this prediction is correct, then enterprises will need to be even more vigilant about ransomware threats in the future, as even cyber criminals with low technical knowledge will be able to wage cyber attacks based on the complex ransomware infections created by other underground threat actors.
Key implications for CISOs
In the event that there is an increase in ransomware activity later this year, CISOs need to have a strategy for hardening their organization’s defenses.
How this is done will depend on each enterprise’s priority risks, but Schmitt says that the majority of threat groups are exploiting vulnerabilities and misconfigurations that could be prevented through good old-fashioned cybersecurity fundamentals.
This means deploying updates and patches to mitigate potential entry points, while using vulnerability and attack surface management tools to seek out public-facing exposures and mitigate them before a threat actor has a chance to exploit them.
Going forward, taking simple proactive steps to progressively enhance the security of the enterprise is critical for making continual improvements in security posture, and making it considerably more difficult for an intruder to gain access to the environment and to encrypt or exfiltrate data.