Kaspersky report reveals ransomware accounts for a third of attacks

Kaspersky's latest research has unveiled a troubling trend in the global cybersecurity landscape: Ransomware attacks accounted for one-third of all cyber incidents in 2023. This alarming statistic underscores the escalating threat posed by increasingly sophisticated ransomware groups targeting a wide range of sectors.

The report, released for International Anti-Ransomware Day, highlights a 30% rise in the number of targeted ransomware groups globally compared to the previous year. This surge was accompanied by a 71% increase in known victims of these attacks. Researchers emphasised that these groups are not indiscriminate in their targets; they specifically focus on government agencies, prominent organisations, and key individuals within enterprises.

In 2023, LockBit 3.0 was identified as the most prevalent ransomware. This group leveraged a builder leak from 2022 to create custom variants that targeted organisations worldwide. BlackCat/ALPHV ranked second, although their operations were temporarily disrupted by a coordinated effort from the FBI and other agencies. Despite this setback, BlackCat quickly rebounded, demonstrating the resilience and adaptability of ransomware groups. Cl0p was the third most prevalent ransomware group, infamously breaching the managed file transfer system MOVEIt, affecting over 2,500 organisations by the end of 2023, according to New Zealand security firm Emsisoft.

The 2023 State of Ransomware report from Kaspersky also highlighted several other ransomware families, including BlackHunt, Rhysida, Akira, Mallox, and 3 AM. Additionally, it noted the emergence of smaller, more elusive ransomware groups which introduce new challenges for law enforcement agencies. The rise of Ransomware-as-a-Service (RaaS) platforms has further complicated the cybersecurity landscape, necessitating more proactive and robust defensive measures.

Attacks carried out via contractors and service providers have become prominent vectors, facilitating large-scale assaults with disturbing efficiency. Ransomware groups have shown a sophisticated understanding of network vulnerabilities, using a variety of tools and techniques to infiltrate their victims' systems. These include known security tools, public-facing vulnerabilities, and native Windows commands, highlighting the necessity for strong cybersecurity defences to prevent such breaches.

"Ransomware remains a formidable menace, infiltrating critical sectors and preying on small businesses indiscriminately," stated Dmitry Galov, head of Kaspersky's Global Research and Analysis Team (GReAT). "To combat this pervasive threat, it is imperative for individuals and organisations to fortify their defences with robust cybersecurity measures. Deploying solutions like Kaspersky Endpoint Security and embracing Managed Detection and Response (MDR) capabilities are pivotal steps in safeguarding against evolving ransomware threats."

To mark International Anti-Ransomware Day, Kaspersky has urged organisations to adhere to best practices aimed at bolstering their defences against ransomware attacks. These recommendations include keeping software updated to prevent exploits, focusing on detecting lateral movements and data exfiltration, setting up offline backups, enabling ransomware protection for all endpoints, and installing advanced threat discovery solutions. Additionally, ensuring that security operations centre (SOC) teams have access to the latest threat intelligence and upskilling them with professional training is crucial for maintaining robust defences.