The growing threat of ransomware attacks — and how to tackle it

From individuals to organizations, the targets of ransomware attacks are diverse and widespread.

by Emmanuel Oyedeji Oyinebiladou Omemu

Imagine waking up to a message on your computer screen demanding payment in exchange for your files or access to your system. Your heart races as you realize that all your important documents, data, and critical work files are inaccessible. This is becoming increasingly common, as ransomware continues to evolve and wreak havoc on individuals and organizations alike.

A recent report by ExpressVPN, analyzing data from CyberInt, highlights a dramatic 56% surge in ransomware incidents, tallying over 4,368 successful attacks in 2023. Overall, at least 318 million ransomware attempts were detected globally, according to market research firm Statista.

The sheer volume of attacks suggests a grim reality that the ransomware landscape is growing more treacherous by the day.

What is ransomware?

Ransomware is malicious software designed to encrypt or lock access to a victim’s files or entire computer system until a ransom is paid. It typically infiltrates systems through deceptive emails, malicious links, or exploit kits. Once infected, the victim is left with limited options, often forced to pay the ransom to regain access to their data.

So far, ransomware has surged to the forefront as the most notorious type of malware. In 2023, the financial impact of ransomware incidents reached unprecedented levels, with total cryptocurrency payments to ransomware gangs reaching $1 billion, the highest ever recorded, as seen in a previous report covered by Techloy.

The major culprit in the recent surge of ransomware attacks is the rise of Ransomware-as-a-Service (RaaS), the dark web's "criminal franchise". Under this model, developers create ransomware tools and "lease" them out to anyone willing to pay, significantly lowering the barrier to entry. Now, individuals with minimal technical skills can launch sophisticated attacks, which has led to a dramatic increase in both the number and severity of ransomware incidents.

What is the Role of AI?

Despite AI's positive applications, ransomware attackers have found a use for the technology and are increasingly turning to AI to personalize and amplify their assaults. Generative AI has made it easier to create highly believable phishing campaigns using deepfakes to create visual content, and AI-powered voices for scam calls.

These bad actors also exploit the technology to increase the proliferation and efficiency of ransomware attacks. By analyzing vast datasets, AI enables them to swiftly pinpoint vulnerable individuals and organizations, launching multiple, precise and targeted attacks.

What are the impacts of ransomware?

From individuals to organizations, the targets of ransomware attacks are diverse and widespread, leaving a trail of disruption and financial loss in their wake. These attacks can impose financial, operational, and psychological harm on victims, eroding customer trust and potentially leading to loss of business opportunities.

Financially, victims face the burden of paying the ransom, potential loss of revenue due to downtime, and the cost of recovery efforts. Psychologically, victims can feel a violation of privacy and loss of esteem.

Statista recently predicted that the annual cost of cybercrime worldwide will increase by 69.94% between 2023 and 2028. This Techloy chart below shows the number of victims of ransomware by quarter between 2022 and 2023, based on data from CyberInt.

Why are ransomware attacks so common?

Ransomware groups are no longer solely motivated by financial gain. Some target specific industries or individuals to further geopolitical objectives, such as hacktivists employing ransomware for social or political activism. Espionage hackers may target foreign governments and corporations to steal sensitive information.

However, the biggest motivation remains financial gain, usually perpetrated by Black Hat Hackers engaging in illegal activities. On the other hand, other groups like White Hat Hackers (Ethical Hackers) use their skills to identify and address system vulnerabilities. Other groups include Gray Hat Hackers and Script Kiddies.

Ransomware has evolved beyond its two most common types, locker ransomware and crypto ransomware, and now includes a vast number of variants, each with its own insidious method of disruption:

  1. Locker ransomware: Blocks basic computer functions. You can't access your desktop, and your mouse and keyboard might be partially disabled until the ransom is paid.
  2. Crypto ransomware: Encrypts your important data but does not interfere with basic functions. Attackers often add a countdown timer, threatening to delete your files if the ransom isn’t paid in time.
  3. Leakware (Doxware): Threatens to publicize personal data from your hard drive unless the ransom is paid.
  4. Wiper Ransomware: Destroys data entirely, rather than just locking or encrypting it.
  5. Ransomware-as-a-Service (RaaS): Developers offer their tools to affiliates who carry out the attacks, making sophisticated ransomware accessible to even novice cybercriminals.
  6. Distributed Denial of Service (DDoS) Ransomware: Disrupts service by exhausting the resources of an application, website, or network until a ransom is paid.

Which tactics do ransomware attackers use?

Cybercriminals continuously evolve their ransomware tactics, becoming increasingly sophisticated and widespread to maximize their success rates. Though ransomware strategies change constantly, ransomware attacks have a common theme. This strategy involves seeking high-value, high-profile targets and timing attacks to inflict extensive damage. That is not to say small businesses or even an individual cannot get hit by ransomware.

These cybercriminals often leverage psychological tactics like threatening to leak data on public shaming sites, adopting virtual or physical intimidation, and using social engineering to get victims to give up personal details. The anonymity the dark web provides for communicating with victims and facilitating ransom payments complicates tracking and prosecution efforts.

What are the world's biggest ransomware groups?

The top ransomware groups include:

  • LockBit: Operating since 2019 under the RaaS model, it became the most active ransomware group by 2022, with over 300 announced victims in the first quarter of 2023.
  • Clop Ransomware: Emerging in 2019, this group has extorted over $500 million in ransom payments from businesses by using strong encryption algorithms to render essential files inaccessible in exchange for ransom.
  • DarkSide: Operating under the RaaS model, this group gained notoriety in 2021 following the attack on Colonial Pipeline, leading to widespread fuel shortages in the Eastern United States.
  • ALPHV (BlackCat): Distinguished by being the first to be written in Rust, a highly secure programming language. In 2023, it had over 1,000 victims and about $300 million in ransom.

How can companies tackle ransomware?

Addressing this menace requires a multi-faceted approach. Individuals and organizations must prioritize:

  • Hardening Endpoints: Deploy antivirus and anti-malware software across all devices. Use firewalls and IDS to monitor network traffic and block malicious activity.
  • Maintaining Backups: Ensure regular backups are stored in secure, isolated locations so that data and systems can be restored if an attack occurs.
  • Implementing an Intrusion Detection System (IDS): An IDS monitors network traffic for unusual patterns and alerts the administrator to suspicious activity.
  • Network Segmentation: Divide the network into smaller, isolated segments to limit the spread of ransomware.
  • Security Awareness Training: Train employees to recognize phishing emails and other common delivery methods for ransomware. Regular training programs can significantly reduce the chances of an attack being successful.
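
The "unusual patterns" idea in the monitoring bullets above, applied to the crypto ransomware behaviour described earlier, can be sketched as a host-side check: flag any process that writes high-entropy (encrypted-looking) data to many distinct files in a short window. This is an added example, not code from the article or any product; it goes beyond the network-traffic IDS the list describes, and the event format, process names, paths and thresholds are all assumptions.

```python
import hashlib
import math
from collections import defaultdict

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for encrypted/compressed data, lower for text."""
    if not data:
        return 0.0
    counts = defaultdict(int)
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def flag_mass_encryption(events, window=10.0, min_files=5, threshold=7.0):
    """Return processes that wrote high-entropy data to >= min_files distinct
    files within `window` seconds (thresholds are illustrative assumptions)."""
    hits = defaultdict(list)
    for ts, proc, path, data in events:
        if shannon_entropy(data) >= threshold:
            hits[proc].append((ts, path))
    flagged = set()
    for proc, writes in hits.items():
        writes.sort()
        start = 0
        for end in range(len(writes)):
            # Slide the window start forward until it spans <= `window` seconds.
            while writes[end][0] - writes[start][0] > window:
                start += 1
            if len({p for _, p in writes[start:end + 1]}) >= min_files:
                flagged.add(proc)
                break
    return flagged

def _random_like(seed: str, size: int = 4096) -> bytes:
    """Constructed stand-in for ciphertext: deterministic SHA-256 output."""
    out, block = b"", seed.encode()
    while len(out) < size:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:size]

# Constructed sample events: (timestamp_s, process, path, bytes_written)
TEXT = b"Quarterly report draft. " * 170
SAMPLE_EVENTS = (
    [(i * 0.5, "unknown.exe", f"C:/docs/file{i}.docx", _random_like(f"f{i}")) for i in range(6)]
    + [(1.0, "backup.exe", "D:/backup/full.zip", _random_like("zip"))]
    + [(i * 2.0, "winword.exe", f"C:/docs/memo{i}.docx", TEXT) for i in range(8)]
)

if __name__ == "__main__":
    print(flag_mass_encryption(SAMPLE_EVENTS))
```

Entropy alone would also flag the single compressed backup archive; requiring many distinct files in a short window is what separates the bulk-encryption pattern from ordinary compressed writes.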

Conclusion

As ransomware continues to pose a significant threat to individuals and organizations worldwide, the need for robust cybersecurity measures has never been greater.

Individuals and businesses must prioritize cybersecurity measures like robust encryption and regular backups. Collaboration between governments and cybersecurity firms is crucial to disrupt criminal infrastructure and develop effective detection methods. Raising awareness about ransomware and best practices is also essential to empower everyone to play a role in defense.

If these measures are implemented, we can create a more resilient digital landscape and deter the growing threat of ransomware attacks.
