The month of November 2023 witnessed a surge in ransomware victims, with criminal gangs taking advantage of the holiday season. The combination of a thin IT staff and the Christmas holidays created an opportune environment for companies to fall prey to hackers, especially those lacking in-house cybersecurity solutions to monitor their IT assets.
A report from Corvus Insurance revealed alarming statistics for November 2023, indicating a 39.08% increase in new victims compared to October 2023. This spike represented a staggering 100% surge compared to the same period last year, underscoring the growing threat of ransomware attacks.
Throughout the year, ransomware variants such as LockBit, Clop, Play, BlackCat (ALHPV), and Akira remained highly active. The top contender alone raked in a substantial $393 million from its victims, highlighting the lucrative nature of these cyber crimes.
The efficiency of ransomware-spreading gangs raises concerns about the factors contributing to their success. Many companies mistakenly believe that they are less likely to be targeted by cyber -criminals, assuming that only large firms are at risk. However, the reality has shifted, with hackers becoming increasingly sophisticated and innovative in their approaches. A staggering 73% of attacks prove to be financially rewarding for the hackers.
These malicious actors employ double or triple extortion tactics, ensuring financial gains through various means. They may threaten victims and coerce them into payment, or alternatively, sell stolen data on the dark web for profit. Valuable information such as bank credentials, email IDs, call records, contact numbers, and social security numbers can be used by cyber crooks to construct detailed online user profiles.
To mitigate the risk of falling victim to ransomware attacks, individuals and organizations must exercise caution when sharing sensitive information online. Vigilance against phishing and other social engineering attacks is crucial. Importantly, it is advised never to pay a ransom to criminal gangs, as there is no guarantee of receiving a decryption key, and the fate of the stolen information on their servers remains uncertain.