Few cyberthreats create as much anxiety among security teams as ransomware attacks. Anxieties over ransomware threats are so high that research has found 74% of IT decision-makers actually believe ransomware should be considered a matter of national security, due to the use of double and triple extortion techniques.
However, GuidePoint Research and Intelligence Team’s (GRIT) quarterly ransomware threat report found that the number of ransomware victims decreased 34% in Q2 from Q1.
While this is a welcome reprieve for security teams, the report suggested that the reason for the decrease is the reorganization of the Conti cyber gang and Lockbit’s release of its 3.0 ransomware-as-a-service (RaaS) offering.
As a result, Drew Schmitt, a principal threat analyst at GuidePoint Security and ransomware negotiator, notes that “this does not appear to be a part of a larger trend of ransomware slowdown as Q3 has begun with large upticks in posting rates and four new ransomware groups being added to the ransomware threat landscape.”
The threat of ransomware today
In addition to the drop in ransomware attacks, the research also revealed that the U.S. was the country most impacted by ransomware. It highlighted the top four cyber gangs by number of publicly posted victims as Lockbit 2, Alpha, Conti and Blackbasta.
Despite the drop in ransomware in this quarter, security teams need to be prepared for an increase in the level of threats in the latter half of this year.
Now, with Lockbit 2 relaunching as Lockbit 3.0, it appears likely the RaaS economy will continue to grow. As Schmitt notes in the official announcement, “we expect to see an uptick of Lockbit 3.0 activity and potentially other restructuring and consolidation in affiliate-based ransomware operations.”
If this prediction is correct, enterprises will need to be even more vigilant about ransomware threats in the future, as even cybercriminals with low technical knowledge will be able to wage cyberattacks based on the complex ransomware infections created by other underground threat actors.
Key implications for CISOs
If there is an increase in ransomware activity later this year, CISOs need a strategy for hardening their organization’s defenses.
How this is done will depend on each enterprise’s priority risks, but Schmitt says that the majority of threat groups are exploiting vulnerabilities and misconfigurations that could be prevented through good old-fashioned cybersecurity fundamentals.
This means deploying updates and patches to close potential entry points, while using vulnerability and attack surface management tools to find public-facing exposures and mitigate them before a threat actor has a chance to exploit them.
Going forward, taking simple proactive steps to progressively enhance the security of the enterprise is critical for making continual improvements in security posture, and making it considerably more difficult for an intruder to gain access to the environment and to encrypt or exfiltrate data.