Ransomware on the Move

In an evolving ransomware landscape in which adversaries seek to evolve past the ability of their victims to defend, ransomware groups are shifting their attack techniques away from phishing to put a greater emphasis on vulnerability abuse. Vulnerability abuse has grown considerably, both in scope and sophistication, as we extensively examined in our previous report, Slipping Through the Security Gaps. And ransomware groups have become more aggressive in their methods of both extortion and vulnerability exploitation, such as through in-house development of zero-day attacks and bug bounty programs. Ransomware groups are willing to pay for the opportunity for financial gain, whether it’s to pay other hackers to find vulnerabilities in their ransomware software, or to acquire access to their intended targets via initial access brokers (IABs).

A deeper examination of the data reveals dangerous trends, echoing the explosion of high-profile attacks in 2022. Trends emerge in the growth of victims in various industries. Verticals with a rise in Internet of Things device connections, especially in manufacturing, have incurred a higher ransomware victim count. Yet, even verticals with a smaller victim count have been greatly affected, such as in healthcare, in which successful ransomware attacks could have severe consequences. Attackers are also shifting gears regarding tactics that can generate a more profitable pathway of value. They are finding more success as they move away from their initial extortion tactic — encryption — and focus their efforts more on data theft to gain an advantage over organizations relying on their backups. Attackers can also resort to multiple extortion tactics, including harassing the victim’s customers or partners through emails or phone calls. Indeed, ransomware has evolved into a cybercriminal enterprise that goes beyond holding files or systems hostage.

We lay out the ransomware landscape in this State of the Internet (SOTI) report by exploring some of the most effective attack techniques and tools that ransomware groups are utilizing to achieve initial access through exfiltration. We also provide an extensive list of safeguarding techniques and recommendations. It is crucial that both industries and individuals protect themselves from the new wave of ransomware attacks, and this report will help provide insights for better defense and risk management of this growing concern.