According to one cybersecurity firm’s recent analysis of 106 global high profile cyberattacks, this could be a developing trend

In analyzing 106 highly publicized attacks across the globe (including those in South-east Asia between July and Aug 2022), researchers from Barracuda Networks have noticed that fewer ransomware victims have been paying ransoms due to their “better defenses” during that period.

Since the discovery of the trend of double-threat extortion ransomware in 2021, the data in review, which included the firm’s own incident response statistics, showed that some attackers have even been demanding a late fee or penalty if ransom payments are not made promptly. In response, improved collaboration between countries and their government leaders had created a collaborative environment for cracking down on ransomware threats, and in the review period, fewer victims had paid the ransom and more businesses were standing firm, especially in attacks on critical infrastructure.

The data also showed the following:
    • Attacks on educational institutions had more than doubled
    • Attacks on healthcare and financial organizations had tripled
    • Municipalities had seen a 4% rise in attacks targeting municipalities, with attacks on critical infrastructure quadrupling over the same period
    • Businesses across industries, including service providers (due to the nature of the access they have to their clients’ systems) had been hit the most (14%)
    • Automobile, hospitality, media, retail, software, and technology organizations also saw increased levels of attacks

Commenting on the research, the firm’s Director of Solution Architects (APAC), Mark Lukie, said: “Many cybercriminals target small businesses in an attempt to gain access to larger organizations. As a result, it is essential for security providers to create products that are easy to use and implement, regardless of a company’s size. Additionally, sophisticated security technologies should be available as services, so that businesses of all sizes can protect themselves against these ever-changing threats. By making security solutions more accessible and user-friendly, the entire industry can help to defend against ransomware and other cyberattacks.”  

From the trends observed, the firm recommended disabling macro scripts from Microsoft Office files;  segmentation of the network; removal of unused or unauthorized applications; enhanced web application and API protection services; and reinforcement of access control on backups.