Ransomware isn’t going away – the problem is only getting worse

As the world moves steadily toward becoming more and more digital, organizations worldwide become increasingly dependent on IT systems to run their services. Threat actors know this fact very well.

A short time ago, cyberattacks were used to spread computer viruses to bring harm to target systems, such as making them unstable. However, as modern attack tools developed, a new devastating criminal model appeared that could both harm targeted systems and extort money from victims by encrypting their files and taking them hostage.

The new attack model is called ransomware, and it is gaining more momentum year after year.

According to a recent study by Malwarebytes, global ransomware attacks saw a surge in 2023. The study recorded 1,900 ransomware attacks against four countries (the US, Germany, France, and the UK) in one year.

Ransomware attacks are also becoming more costly over time. Cybersecurity Ventures predicts that by 2031 a ransomware attack will happen every 2 seconds, costing the world about $265 billion (USD) in losses annually.

Is ransomware exclusively focused on large organizations?

Most recorded ransomware attacks target large organizations, but large organizations are no longer the only targets. Ransomware operators are more often targeting small and medium-sized businesses as well as individuals. For instance, with back-to-school, ransomware has risen against schools.

According to Recorded Future, at least 27 schools and districts were hit with ransomware this August (see Figure 1).

The Ransomware as a Service (RaaS) business model enables cybercriminals lacking technical skills to launch ransomware attacks without developing the ransomware themselves. RaaS operators provide the ransomware payload, infrastructure, and payment systems in exchange for an affiliate fee based on successful ransoms.

This allows novice attackers to launch devastating ransomware campaigns against various targets and helps accelerate the spread of ransomware attacks worldwide.

Recent ransomware attacks

Almost every day, we hear in the news about a major ransomware incident that hit a major organization. Here are some recent ransomware incidents:

  • The LockBit ransomware group launched a ransomware attack against the city of Oakland in April 2023, halting the 311 public service
  • The Royal ransomware hit the city of Dallas's IT infrastructure, shutting down many public services and exposing the personal information of 26,212 residents of Texas
  • The ransomware attack against Harvard Pilgrim Health Care in April 2023 resulted in access to the medical data of 2,550,922 patients

Ransomware gangs are using more advanced techniques to infect their targets

The huge profits gained from ransomware attacks have made it a lucrative method for cybercriminals to earn money. Ransomware groups often base their ransom demands on a percentage of the victim company's yearly revenue, usually around 3%.

Hackers invest parts of the ransom payments to create more robust attack tools and to invent new attack methods. Here are some ransomware attack techniques:

  • Outsourcing initial access to target IT environments to access brokers, who gain access to target networks through phishing, exploit kits or stolen credentials so that the ransomware can then be deployed
  • Exploiting zero-day vulnerabilities in target security controls and applications to gain access
  • Using legitimate penetration testing tools, such as Cobalt Strike, to deliver the payloads
  • Compromising websites and using them to distribute exploit kits to site visitors, which allows attackers to exploit vulnerabilities in visitors' web browsers and operating systems

A common method for ransomware operators to access target IT environments is password-related attacks. For instance, credential stuffing, password spraying, password reset abuse, phishing attacks, password guessing and exploiting default passwords are common password-based attacks leveraged by ransomware groups.

The LockBit ransomware was the most deployed ransomware variant in 2022 and continues to be widespread in 2023.

The LockBit operators leverage sophisticated techniques to attack their targets, mainly via password-related attacks, such as:

  • Executing customized phishing attacks (spearphishing) against well-researched targets
  • Executing brute-force attacks against enterprises' internet-facing applications, such as RDP and VPN
  • Purchasing stolen access credentials from darknet marketplaces, such as on the TOR network
  • Using security tools such as Mimikatz to gather credentials from target systems' memory to gain unauthorized access and to escalate privileges

How do hackers monetize and exploit bad password behaviors?

There are many ways that hackers take advantage of poor password practice:

  • Credential stuffing: Hackers use previously compromised username/password pairs to access other accounts where users use the same credentials. It is common for users to reuse the same password to secure multiple online accounts, which makes this attack feasible
  • Brute-force attacks: Hackers guess users' passwords using automated tools, such as John the Ripper and Cain and Abel
  • Password spraying: Attackers prepare a list of usernames and then try a common password (e.g., a default password) to attempt to log in to each of these accounts
  • Phishing attacks: Hackers create fake login webpages resembling legitimate webpages and trick users into entering their account credentials, which the hackers then collect
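
Seen from the defender's side, these attacks leave different shapes in authentication logs: password spraying (and credential stuffing from a single source) is wide and shallow, while brute force is narrow and deep. The detection sketch below is an added example, not code from the original article or from Specops; the event tuples, IP addresses, usernames and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def sample_events():
    """Constructed logon events: (time, source IP, username, success)."""
    t0, ev = datetime(2023, 9, 1, 8, 0), []
    for i, user in enumerate(["a.ng", "b.roy", "c.diaz", "d.kim", "e.ost", "f.lee"]):
        ev.append((t0 + timedelta(seconds=30 * i), "203.0.113.7", user, False))
    ev.append((t0 + timedelta(minutes=4), "203.0.113.7", "f.lee", True))
    for i in range(9):                      # many guesses against one account
        ev.append((t0 + timedelta(seconds=20 * i), "198.51.100.23", "admin", False))
    for i in range(2):                      # ordinary user mistyping a password
        ev.append((t0 + timedelta(seconds=15 * i), "192.0.2.10", "j.doe", False))
    ev.append((t0 + timedelta(minutes=1), "192.0.2.10", "j.doe", True))
    return ev

def classify_sources(events, window=timedelta(minutes=10), spray_users=5, brute_failures=8):
    """Label each source IP from its failed logons inside a sliding time window."""
    failures = defaultdict(list)
    for ts, src, user, ok in events:
        if not ok:
            failures[src].append((ts, user))
    findings = {}
    for src, rows in failures.items():
        rows.sort()
        labels, start, per_user = set(), 0, defaultdict(int)
        for ts, user in rows:
            per_user[user] += 1
            while ts - rows[start][0] > window:   # evict failures older than the window
                old = rows[start][1]
                per_user[old] -= 1
                if per_user[old] == 0:
                    del per_user[old]
                start += 1
            worst = max(per_user.values())
            if len(per_user) >= spray_users and worst <= 2:
                labels.add("password-spraying")   # many accounts, few tries each
            if worst >= brute_failures:
                labels.add("brute-force")         # one account, many tries
        if labels:
            findings[src] = labels
    return findings

def logons_to_review(events, findings):
    """Successful logons from a flagged source: the accounts to reset first."""
    return sorted({(s, u) for _, s, u, ok in events if ok and s in findings})

if __name__ == "__main__":
    print(classify_sources(sample_events()))
```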

How can Specops Password Policy help you mitigate ransomware attacks?

To stop ransomware attacks that take advantage of end users' weak password practices, it is advisable to use Specops Password Policy, which extends the functionality of Group Policy in Active Directory and provides advanced password policy features, including:

  • Custom dictionary list to block the use of passwords that are likely to be commonly used in your organization, like company name and location
  • Settings to combat predictable composition patterns like reusing part of the old password, consecutive characters, and incremental characters
  • Breached password protection with daily checks to block the use of over 4 billion unique compromised passwords found on known breached lists
  • Passphrase support
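
The kinds of checks listed above can be expressed as a small validator. This is an added illustration, not Specops Password Policy's implementation; the dictionary words, thresholds, breached-password set, and the reading of "consecutive" as repeated characters and "incremental" as a bumped trailing number are assumptions.

```python
import hashlib
import re

# Constructed inputs (assumptions): an organization would load its own lists.
CUSTOM_DICTIONARY = {"contoso", "seattle"}      # hypothetical company name, location
BREACHED_SHA1 = {hashlib.sha1(p.encode()).hexdigest()
                 for p in ("Summer2023!", "P@ssw0rd")}
LEET = str.maketrans("0134578@$!", "oleastbasi")  # undo common substitutions

def longest_common_substring(a, b):
    """Length of the longest run of characters shared by a and b."""
    best, prev = 0, [0] * (len(b) + 1)
    for ch in a:
        cur = [0] * (len(b) + 1)
        for j, other in enumerate(b, 1):
            if ch == other:
                cur[j] = prev[j - 1] + 1
                best = max(best, cur[j])
        prev = cur
    return best

def policy_violations(new, old, max_reuse=4, max_run=3):
    """Return the rules the proposed password breaks (empty list = accepted)."""
    problems = []
    folded = new.lower().translate(LEET)
    if any(word in folded for word in CUSTOM_DICTIONARY):
        problems.append("custom-dictionary")
    if longest_common_substring(new.lower(), old.lower()) >= max_reuse:
        problems.append("reuses-old-password")
    if re.search(r"(.)\1{%d,}" % (max_run - 1), new):
        problems.append("consecutive-characters")   # e.g. "aaa"
    stem_new, stem_old = (re.sub(r"\d+$", "", p).lower() for p in (new, old))
    if new != old and stem_new and stem_new == stem_old:
        problems.append("incremental")              # e.g. ...7 -> ...8
    if hashlib.sha1(new.encode()).hexdigest() in BREACHED_SHA1:
        problems.append("breached")
    return problems

if __name__ == "__main__":
    for candidate in ("C0nt0so!2023", "Winter-Harbor8", "violet kettle under maple"):
        print(candidate, policy_violations(candidate, "Winter-Harbor7"))
```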

Ransomware continues to evolve as a preferred cybercriminal business model.

To fight ransomware, organizations must boost their cyber defenses using a layered security model that involves enforcing strong password policies and deploying other security solutions.

For instance, most ransomware attacks begin with a compromised password, so blocking the use of over 4 billion unique compromised passwords helps prevent all cyberattacks that take advantage of this attack vector.

Sponsored and written by Specops Software.