Ransomware Resurgence: A Renewed Wave of Cyber Threats

 

Harvard Business Review reports claim that cyberattacks have increased dramatically since the overnight shift from remote to office work in 2020. In 2020, all types of cyberattacks have increased over the previous year, but ransomware is by far the largest growth rate. A total of more than 3000% increase has been seen in the amount of money paid by victims of these attacks. 

It is pertinent to note that in 2022, due to a concerted effort by international law enforcement agencies to crack down on ransomware attacks, payments to hackers and even the number of attacks dropped. However, this trend does not appear to hold in 2023, and it appears that attacks have increased once again. 

Chainalysis reports that ransomware victims paid a total of $449.1 million to ransomware groups during the first 6 months of this year, according to their data. The $500 million achieved by 2022 did not even come close to that. 

Based on the company's data, if the rate of payments continues this year, the total amount for 2023 could reach $898.6 million. This is if the payment pace continues. Based on Chainalysis' calculations, this would place 2023 second for ransomware revenue after 2021. This is when attackers extorted $939.9 million from their victims in 2021, according to Chainalysis. 

The cyber intelligence research center at CYFIRMA has detected a suspected new malware variant dubbed LetsDance, which may have been targeted at a variety of industries, including financial, retail, manufacturing, and critical infrastructure companies. The threat actor behind this campaign turns out to be the North Korean group TENJACKAL of North Korean origin. 

In the United States, Brazil, Japan, Australia, Thailand, and other South-East Asian countries, there are groups called "TENJACKAL" that are financially motivated and engage in activities such as website defacement, malware operations, and phishing. This threat group includes individuals who repurpose existing malware, ransomware, and malicious codes to create original attack strains using existing malware. 

A three-stage attack technique called Incursion, Snitch, and Encroachment (ISE Framework) is used by LetsDance Ransomware to infect, propagate and decrypt a computer, as well as to demand payment from users. At the incursion stage of the attack, LetsDance uses spear-phishing and watering holes (fake websites) as its predominant techniques as they use spear-phishing and watering holes to spread their malware. 

Forbes describes ransomware as malicious software that attackers use to block access to a system or data. This is until they are paid to enable that system or data to be accessed again. Ransomware attacks make headlines regularly. 

An attack on Colonial Pipeline, one of the largest fuel pipelines in the United States, in April 2021 resulted in fuel shortages across more than half of the U.S., due to the compromise of a single password. Colonial would have to pay the hackers a ransom of $4.4 million before it could get out of the situation. 

After that, JBS Foods paid cybercriminals $11 million in ransom for the loss of plants that process roughly one-fifth of all the meat in the country, which has been a persistent issue for about a year now. Various external factors, including international sanctions imposed following Russia's invasion of Ukraine, that hampered the movement of ransom money, contributed to a decrease in the number of attacks last year, according to the report. 

The Ransomware Threat Landscape Report, released by the Cyber Threat Intelligence Center, revealed a variety of new ransomware groups emerging in February and March of this year. In addition, there were several major ransomware attacks. 

As reported in the study, businesses in the manufacturing industry and organizations in the professional, scientific, professional, and technical services sectors were the hardest hit. They made up nearly 35% of all ransomware victims. 

Around 17% of the people who were attacked were victims of ransomware, and the most common industries involved were education, retail trade, and health care. Despite its analysis, Black Kite said that there is an emerging trend among ransomware attacks targeting educational services, wholesale management, and remediation services as they emerge as trending industries.

There is a report that states that ransomware groups often target businesses with annual revenues between $50 million and $60 million to gain financial resources. This is because these companies may have the financial resources to pay for ransomware, however, their security measures aren't as robust as larger companies. 

The U.S. was the biggest victim organization in the study, claiming 43% of all victim organizations. 

Changing Trends in Ransomware Attacks 

As a result of a dramatic increase in ransomware attacks, these attacks have become more common but also more expensive than ever before. 

In the last few years, there have been several well-organized crime organizations that have distributed malware, such as the cybercrime group known as DarkSide which is associated with the Colonial breach, which was connected with Russia. In my opinion, these types of organizations are diligent in their research, as they are looking for the most sensitive information about the company, and even attacking the backup systems. 'Have a good understanding of the company's finances, a good understanding of the industry in which it operates, and a good understanding of how to exploit the company to its fullest potential, ' Harvard Business Review writes. 

Cybersecurity Ventures predicts that by 2031, ransomware damage costs will exceed $265 billion. This is a significant increase from $20 billion in 2021. A common example of this kind of attack is Ransomware 2.0, in which the attacker hijacks the data for encrypting it before stealing it. When the victim refuses to pay for decryption, the attacker can move to another strategy and threaten to release or leak sensitive information publicly. This is a technique known as "extortionware," where the attacker threatens to leak information to competitors. The dark web is usually targeted by criminals who demand cryptocurrency as ransom in exchange for accessing their data.