It’s rife, in fact stats suggest globally there’s a ransomware incident every 5 seconds. And the ransom demands in 2022 ratcheted up by 300% – that’s some serious inflation. It’s a headache for cyber insurers too, who have followed suit with up to 300% increases in the cost of cover. Those that haven’t exited the market are recouping historical losses while wrestling with how to price the risk of the threat.

We did however see some significant developments in the world of ransomware in 2022:

↓ 40% less – cryptocurrency extorted from ransomware attacks (Chainalysis)

↑ 10,000+ – unique ransomware strains, a dramatic increase (Fortinet)

Cyber-crime gangs have had a 40% drop in earnings as more and more victims are refusing to pay ransom demands, but this is not leading to the end of ransomware attacks. On the contrary, the variety of ransomware attack techniques has increased, indicating that criminals are looking to carry out more sophisticated attempts to make up for lost payments. What is worrying is that these attacks are increasingly targeting smaller organisations, meaning that vigilance and cyber-security measures are essential.

The decrease in revenue is attributed to a mix of factors. Sanctions against hackers and their affiliates, making it more legally risky for victims to pay ransoms have been effective. There is also greater public awareness, leading to better-protected back-ups, making it more likely that victims will be able to revive their data without paying the hackers. Lastly, several police operations were successful in capturing members of major ransomware gangs and recovering stolen funds, sending a signal that authorities will take a hard stance against this type of crime.

With the launch of the International Counter Ransomware Task Force (ICRTF) in January 2023, we expect the 36 member states to further disrupt ransomware gang activity. However, the indicators suggest larger ransomware gangs are splitting into smaller groups resulting in a higher volume of unique ransomware attacks targeting smaller organisations outside of the ‘big-game hunting’ where larger payments have historically resulted. Ultimately, ransomware remains extremely profitable and smaller-sized organisations should be even more vigilant as hackers spread their net wider to get paid and avoid capture.

Ransomware resilience is more important than ever for SMEs.

To avoid the stress, embarrassment and financial impact caused by adverse cyber events like ransomware, it’s wise to take action, be prepared and implement reasonable controls to minimise the impact of an incident.

Combining many years of experience with an understanding of the attack allows Saepio to recommend integrated effective solutions protecting against ransomware and importantly detecting and responding fast should the worst happen. There are numerous stages to a ransomware attack meaning security ‘layers’ are wise to increase resilience.

• Conduct a specific ransomware defence penetration test with Saepio to understand where weaknesses exist and help prioritise your hardening plan.
• Utilise a leading email security solution (like Abnormal or Egress) to block malicious emails that are often clicked and result in ransomware infections.
• Educate users and increase cyber awareness when it comes to suspect emails, attachments, web links and other social engineering techniques. Saepio’s Managed Security Awareness Training service helps conquer human error that leads to ransomware.
• Utilise a vulnerability scanner (like Rapid7) to identify high risk vulnerabilities in your IT estate then prioritise and automate patching with an integrated platform (like Automox) to prevent malware exploits.
• Deploy a modern endpoint security solution to protect against advanced threats – tools like CrowdStrike have superior capabilities over traditional AV to automatically detect and contain an infected device.
• Use a next generation secure web gateway (like Netskope) that blocks malicious traffic and ransomware payloads.
• Ensure all data is backed up immutably and test the recovery process works.  Cloud platforms like Druva are compelling.
• Do not pay a ransom! Employ a specialist 24×7 Incident Detection and Response team (like Rapid7 MDR) to continuously monitor and alert you to any incident, automatically contain it and if you need ‘emergency help’, they’ll be on hand ready to go with all the forensic information (SIEM). Involve the authorities and learn lessons following root cause analysis.
• If you’ve got all the bases covered, simulate a ransomware incident (guided by a Saepio vCISO) to test your Cyber Incident Response Plan and ensure all stakeholders are prepared to minimise the impact in a crisis scenario.