Ransomware is being used as a precursor to physical war


Threat actors engaged in multiple ransomware attacks against targets in Ukraine, Poland, and other countries in the days and weeks leading up to the Russian invasion of Ukraine, new research has claimed.

According to Ivanti and Cyware, this was a strategy in which ransomware was used as a precursor to physical war.

The companies' report notes that we can expect to see this strategy used to wage conflicts a lot more in the future, and that it is even developing right now in a "cyberwar" conflict between Iran and Albania.

Risk-based approach

The joint research effort also highlighted some alarming trends surrounding ransomware.

According to the report, ransomware has grown almost fivefold (466%) since 2019. There are now at least 170 active malware strains being used to extort businesses for money, with the report identifying ten new ones: Black Basta, Hive, BianLian, BlueSky, Play, Deadbolt, H0lyGh0st, Lorenz, Maui, and NamPoHyu.

There are now also at least 35 vulnerabilities associated with ransomware, together with 159 trending active exploits. However, with no concrete threat context, patching systems and mitigating vulnerability exposure is a lot harder than one might think. 

Threat actors are relying on 101 CVEs for their phishing attacks, although that's by no means their only attack vector. The report identified 323 current ransomware vulnerabilities, leading up to 57 endpoint takeover methods. 

For Srinivas Mukkamala, Chief Product Officer at Ivanti, now is the time to adopt a risk-based approach to vulnerability management. 

“This includes leveraging automation technologies that can correlate data from diverse sources (i.e., network scanners, internal and external vulnerability databases, and penetration tests), measure risk, provide early warning of weaponization, predict attacks, and prioritize remediation activities,” he said.

“Organizations that continue to rely on traditional vulnerability management practices, such as solely leveraging the NVD and other public databases to prioritize and patch vulnerabilities, will remain at high risk of cyberattack.”

Sead Fadilpašić
