One in three cyber incidents is due to ransomware

Ahead of International Anti-Romware Day on 12 May, Kaspersky's latest research reveals a worrying trend in global cybersecurity, with ransomware attacks set to account for a third of cyber incidents in 2023. The report shows the escalating threat of targeted ransomware groups, which saw a 30% increase globally compared to 2022, accompanied by a 71% increase in known victims.

Unlike random attacks, these targeted groups are targeting government agencies, prominent organisations and specific individuals within businesses. As cybercriminals continue to mount sophisticated and widespread attacks, the threat to cybersecurity is becoming increasingly acute.

In 2023, Lockbit 3.0 emerged as the most widespread ransomware, leveraging a builder leak in 2022 to create specialized variants targeting organizations around the world. BlackCat/ALPHV ranked second until December 2023, when a collaborative effort by the FBI and other agencies disrupted its activities. However, BlackCat recovered quickly, underscoring the resilience of ransomware groups. Third on the list was Cl0p, which breached the MOVEIt managed file transfer system, affecting more than 2,500 organizations by December 2023, according to New Zealand security firm Emsisoft.

In its 2023 State of Ransomware report, Kaspersky also identified several notable ransomware groups, including BlackHunt, Rhysida, Akira, Mallox and 3AM. In addition, as the ransomware phenomenon evolves, smaller groups are emerging that escape attention, posing new challenges for law enforcement. According to the research, the rise of Ransomware-as-a-Service (RaaS) platforms further complicates the cybersecurity situation, highlighting the need for proactive measures.

Kaspersky's incident response team noted that ransomware incidents will account for one in three cybersecurity incidents in 2023. In the survey, attacks through contractors and service providers emerged as prominent players, facilitating large-scale attacks with alarming effectiveness. Overall, ransomware groups demonstrated a sophisticated ability to understand network vulnerabilities, using a variety of tools and techniques to achieve their objectives.They used familiar security tools and exploited public domain vulnerabilities and native Windows commands to infiltrate their victims, highlighting the need for strong cybersecurity measures to defend against ransomware attacks and domain hijacking.

On May 12 - Anti-Romware Day - Kaspersky urges organisations to adhere to the recommended best practices aimed at protecting their operations from ransomware attacks:

• Always keep software up to date on all your devices to prevent attackers from exploiting vulnerabilities and infiltrating your network.
• Focus your defensive strategy on detecting lateral movement and data leakage online. Pay close attention to outbound traffic to identify cybercriminals' connections to your network. Create off-line backups that intruders cannot breach. Make sure you can quickly access them when needed or in case of an emergency.
• Enable ransomware protection for all endpoints. The free Kaspersky Anti-Ransomware Tool for Business protects computers and servers from ransomware and other types of malware, prevents exploits and is compatible with already installed security solutions.
• Install anti-APT and EDR solutions, which provide capabilities for advanced threat detection and detection, investigation and timely incident remediation. Provide your SOC team with access to the latest threat information and update them regularly with professional training. All of the above is available within Kaspersky Expert Security.
• Provide your SOC team with access to the latest threat intelligence (TI). The Kaspersky Threat Intelligence Portal is a single point of access for Kaspersky's TI, providing data and cyberattack intelligence collected by our team for over 20 years. 

To help businesses enable effective defences in these turbulent times, Kaspersky has announced access to independent, continuously updated and world-class intelligence on current cyber attacks and threats, free of charge.