
A new report from IBM Security reveals that ransomware groups may have “nine lives” after all, as the average lifespan of a ransomware group before it’s shut down or rebranded is about 17 months. While government attention and law enforcement takedowns in 2021 may have contributed to a brief slowdown in ransomware activity, the data suggests that many ransomware gangs could go into hiatus, rebranding or rebuilding their infrastructure to come back renewed and stronger. These groups have the funds to back their rebranding investment, as ransomware continues to be the most popular attack method observed globally, and is a lucrative business model for these operators. 

Ransomware attackers set their sights on the manufacturing sector in 2021, and it was the sector predominantly hit. Ransomware groups recognized the fragility of global supply chains amid the pandemic and went after the organizations that underpin them: manufacturers. Nearly one in four cyberattacks globally were against manufacturers, indicating that attackers found leverage in the critical role they play for the economy.

For example, in Asia, a region on which many of the world’s supply chains depend, manufacturing was one of the top-attacked industries. Cybercriminals wagered on the broader impact an attack on these organizations would have on the larger global business ecosystem. 

Bar graph that shows the average lifespan for three different ransomware groups, including Maze, Ragnarok, and BlackMatter. Average lifespan indicated is 17 months.

Ransomware groups’ resilience makes it imperative for businesses to put plans in place for the case that they land within ransomware operators’ target scope. Rehearsing playbooks and simulating realistic cyberattacks are key practices that need to become part of a business’s resilience strategy. It will also force businesses to be more intentional about modernizing their infrastructure and determining where they keep their critical data, to better control and secure the “who, what and why” of accessing it.



The report includes real-world data from IBM’s internal sources and open-source data, including the cyber incidents the IBM X-Force team has responded to. In addition, it includes, but is not limited to, billions of data points ranging from network and endpoint detection devices that IBM monitors to X-Force Red engagements, X-Force’s threat intelligence insights and data provided by report contributors such as Intezer.

Read the full report by IBM Security.
