Ransomware operators are moving away from using traditional phishing techniques and are placing more importance on exploiting vulnerabilities. These groups have adopted a more aggressive approach in their efforts to extort and exploit vulnerabilities.
Ransomware groups are prepared to invest in opportunities for financial gain, whether that involves compensating other hackers to identify weaknesses in their ransomware software or obtaining access to their intended victims with the help of Initial Access Brokers.
The excessive exploitation of zero-day vulnerabilities has resulted in a 143% rise in the number of victims between Q1 2022 and Q1 2023.
- LockBit has been the dominant player in the ransomware landscape between Q4 2021 and Q2 2023, accounting for 39% of all victims.
- The Cl0p ransomware group is aggressively working on developing zero-day vulnerabilities, which has resulted in a 9-fold increase in its victims compared to the previous year.
- The manufacturing sector experienced a 42% rise in victims from Q4 2021 to Q4 2022, highlighting the potential risk to global supply chains. LockBit was responsible for 41% of attacks on manufacturing.
- In the healthcare sector, victims increased by 39% during the same period, with the BlackCat and LockBit ransomware groups being the primary culprits.
- Financial services organizations saw a 50% increase in the total number of affected entities compared to the previous year, while the retail sector witnessed a 9% increase in victims.
Zero-day and one-day vulnerabilities are now becoming a standard part of certain ransomware groups’ methods. These vulnerabilities are being exploited in specialized or uncommon platforms and software.
While the use of zero-day vulnerabilities is not entirely new, what’s remarkable is how ransomware groups like Cl0p are proactively searching for and exploiting vulnerabilities (GoAnywhere MFT, MOVEit) on a large scale to compromise numerous organizations.
The Akamai report points out a growing pattern among ransomware groups, where they increasingly focus on exploiting software vulnerabilities to exert more pressure on businesses for extortion purposes. As businesses continuously strengthen their cybersecurity measures, it becomes crucial to recognize that relying solely on file backup solutions is no longer a comprehensive approach to counter ransomware groups.
To address the current challenges effectively, organizations must prioritize proactive actions such as network segmentation and managing vulnerabilities, among others.