On December 12, 2022, there was a cyber attack in the Swedish municipalities of Borgholm and Mörbylånga which made a range of essential services of the two municipalities unavailable. Although the nature of the intrusion is still undisclosed, it appears to be part of a larger trend of global ransomware attacks.
On January 10, Royal Mail detected a cyber incident affecting delivery and collection across the UK.
In even more recent news, the City of Oakland declared a local state of emergency due to a ransomware attack that forced the city to take all of its computer systems offline on February 8.
But what is a ransomware attack, who are the target groups, and how can organizations protect themselves?
Changing tactics in ransomware attacks
Ransomware is malicious software that encrypts a company’s data, preventing access to it until the ransom is paid and a decryptor is released.
In 2021, there were 623.3 million ransomware attacks worldwide, a 105% increase over 2020 figures. These targeted ransomware attacks have been on the rise since the shift to remote and hybrid working.
However, in 2022, the volume of ransomware attacks fell 23%. While organizations believe this indicates that their cybersecurity measures are helping prevent these crimes, the crimes are moving to new levels.
Most ransomware groups opt for the double extortion model, threatening to expose compromised data for additional leverage to collect ransom payments. These high-profile attacks bring greater sophistication to modern cyberattacks, imposing new dangers on organizations and individuals.
Ransomware payments on the rise
Despite the decrease in the number of ransomware attacks, payment requests are on the rise.
In 2021, the average ransomware payment was $570,000. In 2020 it was $312,000, while in 2019 it was $115,000. The price increases when attackers prey on high-profile individuals and entities.
During the Royal Mail ransomware incident, the LockBit hackers set an $80 million ransom, which they claimed was 0.5% of the company’s revenue, in exchange for decrypting the files.
In another 2022 ransomware attack, against the government of Costa Rica, the perpetrators demanded a ransom of $10 million in exchange for not disclosing the stolen information.
Global ransomware statistics
The 2023 Ransomware Report by Outpost24 shares the latest trends and developments of the most active ransomware groups.
Here are the most interesting findings from the Outpost24 research team:
- Various ransomware groups disclosed a total of 2,363 victims (companies) on data leak sites in 2022.
- Victims registered on data breach sites come from 101 different countries; 42% of them are from the United States alone, while around 28% are from European countries.
- Ransomware victims tend to be based in wealthy Western countries, as RaaS operators tend to make more money from them.
- Threat actors primarily target organizations that may have a greater ability to pay a ransom, making them a global threat. However, this does not necessarily mean that organizations with less revenue are free from risk.
Frontline protection against ransomware attacks
Ransomware is the fastest growing category of cybercrime. Most organizations are concerned about ransomware, but many may lack the resources to deal with the latest threats.
For these organizations, we recommend verifying their corporate credentials with Specops Password Auditor. Stolen or weak credentials are one of the most common ways malicious actors can break into your system to launch a ransomware attack.
With the free Specops Password Auditor, you can check your Active Directory passwords against a list of over 930 million compromised passwords. The findings of the audit report can help you assess your threat profile and build the appropriate defense strategy.
For a more proactive approach with a paid solution, you can completely block the use of vulnerable credentials in Active Directory. Specops Password Policy can prevent the use of more than 3 billion compromised passwords as well as easy-to-guess passwords, and enforce password policies that align with regulatory requirements such as NIST.
Finally, for credential protection beyond Active Directory, we recommend Blueliv Threat Compass, by Outpost24. The solution offers an identification module to detect compromised credentials in real time.
Sponsored and written by Specops Software