In an evolving ransomware landscape in which adversaries seek to evolve past
the ability of their victims to defend, ransomware groups are shifting their attack
techniques away from phishing to put a greater emphasis on vulnerability abuse.
Vulnerability abuse has grown considerably, both in scope and sophistication, as
we extensively examined in our previous report, Slipping Through the Security
Gaps. And ransomware groups have become more aggressive in their methods
of both extortion and vulnerability exploitation, such as through in-house
development of zero-day attacks and bug bounty programs. Ransomware groups
are willing to pay for the opportunity for financial gain, whether it’s to pay other
hackers to find vulnerabilities in their ransomware software, or to acquire access
to their intended targets via initial access brokers (IABs).
A deeper examination of the data reveals dangerous trends, echoing the
explosion of high-profile attacks in 2022. Trends emerge in the growth of
victims in various industries. Verticals with a rise in Internet of Things device
connections, especially in manufacturing, have incurred a higher ransomware
victim count. Yet, even verticals with a smaller victim count have been greatly
affected, such as in healthcare, in which successful ransomware attacks could
have severe consequences. Attackers are also shifting gears regarding tactics
that can generate a more profitable pathway of value. They are finding more
success as they move away from their initial extortion tactic — encryption — and
focus their efforts more on data theft to gain an advantage over organizations
relying on their backups. Attackers can also resort to multiple extortion tactics,
including harassing the victim’s customers or partners through emails or phone
calls. Indeed, ransomware has evolved into a cybercriminal enterprise that goes
beyond holding files or systems hostage.
We lay out the ransomware landscape in this State of the Internet (SOTI) report
by exploring some of the most effective attack techniques and tools that
ransomware groups are utilizing to achieve initial access through exfiltration. We
also provide an extensive list of safeguarding techniques and recommendations.
It is crucial that both industries and individuals protect themselves from the new
wave of ransomware attacks, and this report will help provide insights for better
defense and risk management of this growing concern.