By Aaron Sandeen, CEO, Cyber Security Works
It should be no surprise that ransomware is currently one of the most common attack vectors wreaking havoc on businesses worldwide. Attackers and ransomware operators are constantly looking for more vulnerabilities to weaponize and increase their arsenal of tools, tactics, and techniques. In fact, the FBI’s Internet Crime Report for 2021 recorded 649 ransomware attacks on critical infrastructure establishments, with nearly $50 million reportedly lost as a result.
Ransomware operators have become relentless and are weaponizing vulnerabilities faster than ever to achieve their goals.
The numbers don’t lie: Ransomware is on the rise.
Ransomware operators have become relentless and are weaponizing vulnerabilities faster than ever to achieve their goals. Since the year-end ransomware report was published, our analysis shows a substantial 7.6% increase in the number of vulnerabilities tied to ransomware in Q1 2022, with Conti dominating the list.
Critical industries such as food, automotive, healthcare, finance, and government organizations have taken a big hit this quarter, continuing the trend from 2021. In February 2022, cybersecurity advisories in the US, Australia, and the UK joined hands to alert organizations of increased ransomware attacks on critical infrastructure sectors. Before this, CISA released a mandate directing federal agencies and public sector organizations to patch a list of KEVs within fixed timelines.
All organizations are at risk from this threat, and most of them are not equipped to deal with it. Lack of cyber hygiene, budget restrictions, limited human resources, absence of talent, insufficient cybersecurity intelligence at the right time, and the lack of visibility and awareness are some factors that enable ransomware operators to undertake bold and crippling attacks. This threat has grown exponentially within two years from 57 to 310 vulnerabilities. We have watched affected organizations brought to their knees as they lose their reputation, trust, and brand value, resulting in the loss of business and customers.
How to use data to combat ransomware
Organizations must invest in determining and maintaining their attack surface to be aware of vulnerabilities. Suppose security teams are going to prevent ransomware attacks. In that case, they need to link their patch and vulnerability responses to a centralized threat intelligence management workflow that provides complete visibility into the ever-changing ransomware attack vectors through multi-source intelligence ingestion, correlation, and security actions.
Tools like vulnerability scanners, application and event monitoring systems, and patch management systems, among others, can be used to manage your attack surface. However, new research shows that organizations should be wary. Several crucial ransomware vulnerabilities are not being detected by some of the most well-known scanners. Over 3.5 percent of ransomware vulnerabilities were ignored in Q1 2022, putting businesses in serious danger. Fortunately, that represents a development over prior years, indicating that scanner manufacturers are addressing the issue. This emphasizes the value of having readily available ransomware statistics. To stay current with innovative solutions, cybersecurity experts must be aware of the always-shifting ransomware statistics.
Ransomware gangs today are like a business. Both have the same goal: to make money. Ransomware is rising because gangs like Conti are organized as successful businesses. This means also trying to stay one step ahead of the opponent, which to them are legitimate enterprises.
Only a small number of enterprises now have access to timely ransomware knowledge and data. Many people are unaware of the severity of the hazards they are exposed to. On average, eight days after a company publishes a vulnerability, it is weaponized. Attackers take full use of latencies because they present them with risky windows of opportunity.