Ransomware may show some decline, but awareness and education will still be key in fighting the threat as a company or as an individual.
According to cybersecurity experts, ransomware attacks seemed to have dropped, quite considerably in 2022.
The SonicWall Cyber Threat Report showed a 21-percent decline globally in ransomware attacks from 2021 to 2022. Even the USA, one of the most prominent targets in ransomware attacks, witnessed a staggering decline of 48%.
Discoveries from The X-Force Threat Intelligence Index 2023 report, by IBM Security’s X-Force unit illustrated a marked improvement in the prevention of ransomware attacks in 2022.
This however does not signify that ransomware has become a thing of the past. Instead, trends suggest that perpetrators are being more selective in their targeting of attacks, choosing high-value corporations instead of individual users.
In a positive note, the IBM report shows a significant increase in the number of attacks that were successfully stopped before they could progress to ransomware deployment. One of the major reasons behind the decline in attacks according to the SonicWall report is the increasing number of organizations who implemented robust backups and incident response plans. This has resulted in encrypted files not posing as hopeless a scenario for corporations as compared to previous years.
The effect of Russia-Ukraine war
Other global factors seemed to have also contributed to the fall in ransomware attacks, especially the ongoing Russia-Ukraine conflict. Rob Joyce, the US National Security Agency (NSA) Director of Cybersecurity shared an interesting information at a cybersecurity event (CYBERUK 2022).
“With roughly two-thirds of state-sponsored cyberattacks coming from Russia, and 75% of money generated by ransomware in 2021 going to groups “highly likely to be
affiliated with Russia,” anything affecting that country has an outsized effect on cybercriminals, and in turn, cybercrime.” Joyce further opined that sanctions have made it harder for cybercriminals to move money and buy infrastructure needed for attacks, making cybercriminals less effective.
Additionally, several key law enforcement interventions in the USA, UK, Canada, and Russia seemed to have dented ransomware attack groups. Case in point being Russia’s arrest and dismantling of the REvil ransomware group in January 2022. REvil is believed to be responsible for the Kaseya attack, one of the most high-profile attacks in recent memory.
No resting on laurels
Despite these encouraging signs for the cyber defence community, the overall volume of ransomware attacks in H1 2023 is expected to be on par with 2022. CyberCube, in its new report, anticipates renewed attempts to hijack IT supply chains, geopolitical targets such as government agencies and non-government organizations.
In 2023, according to Cisco Talos Intelligence Group, it has become vital to ensure that robust and multi-layered security strategies are implemented to combat ransomware.
In their annual report, Cisco underlined the need for organizations to focus on employee awareness and education initiatives to tackle the dangers of ransomware.
Sharing threat intelligence and collaborating with industry peers, government bodies, and cyber security firms is key in thwarting ransomware or extortion attacks, the report added.
What to do
However, collating various resources it becomes apparent that whether you are an individual or a company there are some fundamental steps that one must take to protect yourself from ransomware attacks:
- Always update your OS: Microsoft and Apple frequently release updates for their respective OS platforms. These often contain critical patches or fixes for bugs and vulnerabilities that cyber criminals can exploit to launch an attack.
- Periodic data backup: Ransomware works on the basic practice of encrypting your data making it unavailable to you unless you pay a hefty ransom. Backing up your data on the cloud or a hard drive, ideally both, can take away this crucial leverage from the hackers. Schedule periodic backup of all your data so that you always have the latest version of the backup in case your data is hijacked by cyber criminals.
- Use cybersecurity software: These days, most anti-virus softwares provide e-mail scanning functionality and can detect most viruses and malware on your computer. E-mails have become one of the most common means to compromise unsuspecting and naïve employees and individuals. Cybercriminals use imposter tactics (phishing) by sending genuine-looking emails that leads the victims to click a link or download a file. This then installs the ransomware on the victim’s device and consequently spreads to other devices connected to that network. Hence, having a functional and updated anti-virus software is crucial in forming a strong line of defence against malware.
- Raise security awareness in your company: Several ransomware attacks occur and spread due to human unawareness, negligence, and downright error. For example, clicking on an apparent harmless link in your e-mail inbox can have catastrophic consequences that spreads to all devices in the company’s network. Educate yourself and your employees about the importance of cybersecurity and being aware of cyber threats. Having administrator only access for critical data and using complex passwords coupled with multi-factor authentication are simple yet effective ways of preventing compromise of the data.
Above all, it has become increasingly obvious that cybersecurity is a cat-and-mouse game. Cybercriminals often pivot to other methods and means in attempt to stay one step ahead of cyber defence communities and vice-versa. Therefore, despite the drop in successful ransomware attacks, they are not expected to cease entirely any time soon. Thus, cybersecurity experts warn against any type of complacency among individuals as well as corporations in resisting this ever-evolving threat.
In conclusion, increasing awareness and education will continue to serve as the most potent tactic to tackle this modern menace of the cyber age.