Escalating Ransomware Diminishes Organizations' Confidence

By Greg Tavarez

Ransomware is an escalating problem. It halted operations of Toyota factories in Japan for 24 hours in February. It forced Lincoln College, a 157-year-old school, to close its doors in May. It also forced Costa Rica to declare a state of emergency in May. These are only a few of the countless organizations that have been impacted by ransomware attacks.

Those incidents are concerning because organizations of all sizes are at risk. What’s even more concerning is that, according to SpyCloud’s “2022 Ransomware Defense Report,” 90% of organizations were affected by ransomware in some capacity over the past 12 months, an increase from 2021’s 72.5%. Conversely, the number of companies that have not been hit by ransomware dropped from almost 30% in 2021 to 10% in 2022. In addition, there’s been an uptick in the number of companies experiencing multiple attacks:

  • 50% were hit two to five times in the past year, compared to 33.5% the previous year.
  • More than three-fourths of those were hit between two times and 10-plus times in the past year, compared to nearly 52% the year before.

These numbers correlate with the feeling across the board among organizations that confidence in ransomware mitigation solutions is decreasing. Companies realize threats slipped through their defenses, which is forcing those companies to upgrade or add new security measures.

The three main vectors ransomware slipped through, according to the organizations, are unpatched vulnerabilities, phishing emails and unmanaged devices. Exploiting unpatched vulnerabilities is a commonly known tactic used by bad actors.

When it comes to concerns with phishing, most thought of RedLine Stealer, one of the more widely used infostealers for Windows devices, often distributed through phishing campaigns. Stolen data included stored passwords, browser fingerprints and session cookies, which threat actors use to log into corporate applications and systems, bypassing MFA, to launch a ransomware attack.

Unmanaged devices are a cause for concern because there is a lack of visibility. These devices cannot be monitored for threats such as malware and third-party application exposures.

“Organizations are right to be concerned about unwitting insider threats — their cybersecurity measures are failing to close gaps that are leading to ransomware attacks,” said SpyCloud CEO and co-founder Ted Ross. “Organizations may not be aware that undetected malware infections on personal devices represent the riskiest of those gaps.”

Malware infections are more widespread than many organizations realize. Through analysis of botnet logs recaptured in 2022, SpyCloud researchers identified over 6 million malware-infected devices with application credentials siphoned. On average, in 2022, SpyCloud researchers found as many as 156 million siphoned application login credentials.

“Effective ransomware prevention strategies must focus on the entry points security teams can’t see – the cloaked attack surface that includes third-party applications and unmanaged machines outside their standard monitoring purview,” said Ross. “A single malware-infected device can compromise hundreds of corporate applications.”

Given how ransomware operates, defense solutions in place among surveyed organizations are data backup, MFA, user awareness training, network/resource segmentation, email security and patching and secure configuration management. These solutions show the primary focus for security teams is on stopping malware and its related entry points while also preparing to restore and recover data when an incident inevitably takes place.

Edited by Erik Linask

MSPToday Editor
