Report: Ransomware groups show staying power, average lifespan is 17 months



A new report from IBM Security reveals that ransomware groups may have “nine lives” after all, as the average lifespan of a ransomware group before it’s shut down or rebranded is about 17 months. While government attention and law enforcement takedowns in 2021 may have contributed to a brief slowdown in ransomware activity, the data suggests that many ransomware gangs could go into hiatus, rebranding or rebuilding their infrastructure to come back renewed and stronger. These groups have the funds to back their rebranding investment, as ransomware continues to be the most popular attack method observed globally, and is a lucrative business model for these operators. 

The manufacturing sector was the predominant target of ransomware attackers in 2021. Ransomware groups recognized the fragility of global supply chains amid the pandemic and went after the organizations that underpin them: manufacturers. Nearly one in four cyberattacks globally were against manufacturers, indicating that attackers found leverage in the critical role they play for the economy.

For example, in Asia, a region on which many of the world’s supply chains depend, manufacturing was one of the top-attacked industries. Cybercriminals wagered on the broader impact an attack on these organizations would have on the larger global business ecosystem. 

Ransomware groups’ resilience makes it imperative for businesses to put plans in place in case they land in ransomware operators’ sights. Rehearsing playbooks and simulating realistic cyberattacks are key practices that need to become part of a business’s resilience strategy. It will also force businesses to be more intentional about modernizing their infrastructure and determining where they keep their critical data, to better control and secure the “who, what and why” of accessing it.

The report includes real-world data from IBM’s internal sources and open-source data, including the cyber incidents the IBM X-Force team has responded to. In addition, it includes, but is not limited to, billions of data points ranging from network and endpoint detection devices that IBM monitors to X-Force Red engagements, X-Force’s threat intelligence insights and data provided by report contributors such as Intezer.

Read the full report by IBM Security.


Originally appeared on: TheSpuzz
