IT Security Blog

Cybersecurity 2023: An overview of the most severe attacks

Written by Alexander Thies | Mar 27, 2026 9:52:28 AM

The year 2023 marked a new peak in the ransomware wave, with payments exceeding a record 1 billion dollars, according to Chainalysis' annual report. However, this sum refers only to ransom payments: the economic impact of lost productivity and the repair costs associated with the attacks are not included. Ten percent of all companies worldwide were victims of attempted ransomware attacks last year. This represents an increase of 33% compared to the previous year. The increase illustrates the reality of the ransomware threat and brings the importance of cyber security even more into focus. But what is actually behind these figures?

Ransomware comeback

During a ransomware attack, cyber criminals use malware to infiltrate targeted computer systems, capture sensitive data and encrypt it. Decryption is only possible by paying the demanded ransom. And even if money is paid, successful recovery of the data is far from guaranteed. The record payments and the significant increase in the scope and complexity of cyberattacks show a significant trend reversal compared to the decline in 2022, by almost double.

One of the biggest ransomware attacks of the year

In June 2023, the CLOP group exploited a vulnerability in the MOVEit file transfer management tool. Although the bug was fixed at the end of May, not all customers installed the patches in time. According to the UK's National Cyber Security Centre, the MOVEit data extortion campaign was one of the biggest cyberattacks of last year. Around 2000 organizations were affected by the MOVEit campaign, with the global IT sector, media companies, aviation companies, education and oil production particularly affected. Over 90 million individuals were also affected.

The million-dollar game at US casinos

In September, the ALPHV/BlackCat group carried out a ransomware attack on two of the largest hotel and casino chains in the US. The incident blocked the entire infrastructure of the affected companies - from hotel check-in systems to slot machines. Interestingly, the victims reacted differently. According to Forbes, Caesars Entertainment decided to pay the extortionists 15 million dollars, half of the original demand of 30 million dollars. MGM, on the other hand, did not pay, but restored the infrastructure on its own. The recovery process took nine days, during which the company estimated that it lost 100 million dollars, of which 10 million dollars was the direct cost of restoring the failed IT systems.

In search of the perpetrators

Ransomware statistics show that the human factor plays a role in 74% of all security incidents. This can be caused by mistakes, the abuse of privileges, the use of stolen credentials or social engineering.

Deceptively genuine phishing emails are the most common starting point for ransomware attacks. A fake email that appears to come from a business leader is a social engineering technique used to trick employees into clicking on a link in the fraudulent message. However, the attack can also occur via infected cell phones or tablets, unsecured public Wi-Fi networks, zero-day vulnerabilities and covert drive-by downloads from malicious websites. Overall, 83% of incidents are caused by external parties, and almost half of the attacks involved password information.

Practical tips for ransomware defense

It is also clear that despite the increasing frequency of security breaches, companies are not yet sufficiently prepared for them. Strong password policies and the use of multi-factor authentication can prevent phishing threats targeting login credentials. However, anyone in the digital world can accidentally become a ransomware victim.

Here are a few quick tips that can help you:

  1. Backup: Implement an effective backup strategy to limit the consequences of a ransomware attack.
  2. Patches: Keep your systems up to date with regular patch updates to minimize vulnerability to ransomware attacks.
  3. Passwords: Enforce strict password policies, promote multi-factor authentication and raise awareness of phishing attacks.
  4. Anti-ransomware monitoring: Anti-ransomware tools detect suspicious behavior early to prevent ransomware threats.
  5. Training: Periodic cybersecurity training raises your employees' awareness of potential attacks.

Update your security guidelines regularly and stay up to date with Rheintec!