Ransomware is an escalating problem. It halted operations of Toyota factories in Japan for 24 hours in February. It forced Lincoln College, a 157-year-old school, to close its doors in May. It also forced Costa Rica to declare of state of emergency in May. These are only a few of the countless organizations that have been impacted by ransomware attackes.
Those incidents are concerning because organizations of all sizes are at risk. What’s even more concerning is that, according to SpyCloud’s “2022 Ransomware Defense Report,” 90% of organizations were affected by ransomware in some capacity over the past 12 months, an increase from 2021’s 72.5%. Conversely, the number of companies that have not been hit by ransomware dropped from almost 30% in 2021 to 10% in 2022. In addition, there’s been an uptick in the number of companies experiencing multiple attacks:
- 50% were hit two to five times in the past year, compared to 33.5% the previous year.
- More than three-fourths of those were hit between two times and 10-plus times in the past year, compared to nearly 52% the year before.
These numbers correlate with the feeling across the board among organizations that confidence in ransomware mitigation solutions is decreasing. Companies realize threats slipped through their defenses, which is forcing those companies to upgrade or add new security measures.
The three main vectors ransomware slipped through, according to the organizations, are unpatched vulnerabilities, phishing emails and unmanaged devices. Unpatched vulnerabilities are a commonly known tactic used by bad actors.
When it comes to concerns with phishing, most thought of RedLine Stealer, one of the more widely used infostealers for Windows devices often distributed through phishing campaigns. Stolen data included stored passwords, browser fingerprints and session cookies, which threat actors use to log into corporate applications and systems, bypassing MFA, to launch a ransomware attack
Unmanaged devices are a cause for concern because there is a lack of visibility. These devices cannot be monitored for threats such as malware and third-party application exposures.
“Organizations are right to be concerned about unwitting insider threats — their cybersecurity measures are failing to close gaps that are leading to ransomware attacks,” said SpyCloud CEO and co-founder Ted Ross. “Organizations may not be aware that undetected malware infections on personal devices represent the riskiest of those gaps.”
Malware infections are more widespread than many organizations realize. Through analysis of botnet logs recaptured in 2022, SpyCloud researchers identified over 6 million malware-infected devices with application credentials siphoned. On average, in 2022, SpyCloud researchers found as many as 156 million siphoned application login credentials.
“Effective ransomware prevention strategies must focus on the entry points security teams can’t see – the cloaked attack surface that includes third-party applications and unmanaged machines outside their standard monitoring purview,” said Ross. “A single malware-infected device can compromise hundreds of corporate applications.”
Given how ransomware operates, defense solutions in place among surveyed organizations are data backup, MFA, user awareness training, network/resource segmentation, email security and patching and secure configuration management. These solutions show the primary focus for security teams is on stopping malware and its related entry points while also preparing to restore and recover data when an incident inevitably takes place.
Edited by
Erik Linask
