Escalating Ransomware Diminishes Organizations' Confidence

By Greg Tavarez

Ransomware is an escalating problem. It halted operations of Toyota factories in Japan for 24 hours in February. It forced Lincoln College, a 157-year-old school, to close its doors in May. It also forced Costa Rica to declare a state of emergency in May. These are only a few of the countless organizations that have been impacted by ransomware attacks.

Those incidents are concerning because organizations of all sizes are at risk. What’s even more concerning is that, according to SpyCloud’s “2022 Ransomware Defense Report,” 90% of organizations were affected by ransomware in some capacity over the past 12 months, an increase from 2021’s 72.5%. Conversely, the number of companies that have not been hit by ransomware dropped from almost 30% in 2021 to 10% in 2022. In addition, there’s been an uptick in the number of companies experiencing multiple attacks:

  • 50% were hit two to five times in the past year, compared to 33.5% the previous year.
  • More than three-fourths of those were hit between two times and 10-plus times in the past year, compared to nearly 52% the year before.

These numbers correlate with a feeling across the board that organizations' confidence in ransomware mitigation solutions is decreasing. Companies realize threats slipped through their defenses, which is forcing them to upgrade or add new security measures.

The three main vectors ransomware slipped through, according to the organizations, are unpatched vulnerabilities, phishing emails and unmanaged devices. Exploiting unpatched vulnerabilities is a commonly known tactic used by bad actors.

When it comes to concerns with phishing, most thought of RedLine Stealer, one of the more widely used infostealers for Windows devices, often distributed through phishing campaigns. Stolen data included stored passwords, browser fingerprints and session cookies, which threat actors use to log into corporate applications and systems, bypassing MFA, to launch a ransomware attack.

Unmanaged devices are a cause for concern because there is a lack of visibility. These devices cannot be monitored for threats such as malware and third-party application exposures.

“Organizations are right to be concerned about unwitting insider threats — their cybersecurity measures are failing to close gaps that are leading to ransomware attacks,” said SpyCloud CEO and co-founder Ted Ross. “Organizations may not be aware that undetected malware infections on personal devices represent the riskiest of those gaps.”

Malware infections are more widespread than many organizations realize. Through analysis of botnet logs recaptured in 2022, SpyCloud researchers identified over 6 million malware-infected devices with application credentials siphoned. On average, in 2022, SpyCloud researchers found as many as 156 million siphoned application login credentials.

“Effective ransomware prevention strategies must focus on the entry points security teams can’t see – the cloaked attack surface that includes third-party applications and unmanaged machines outside their standard monitoring purview,” said Ross. “A single malware-infected device can compromise hundreds of corporate applications.”

Given how ransomware operates, the defense solutions in place among surveyed organizations are data backup, MFA, user awareness training, network/resource segmentation, email security, and patching and secure configuration management. These solutions show the primary focus for security teams is on stopping malware and its related entry points while also preparing to restore and recover data when an incident inevitably takes place.

Edited by Erik Linask
MSPToday Editor
