Ransomware and BEC are seeing a huge rise — is your business ready?

Ransomware attack on a computer
(Image credit: Kaspersky)

Ransomware attacks and Business Email Compromise (BEC) campaigns are on the rise once again, new research has said.

The annual Arctic Wolf Labs Threat Report claims the median ransom demand rose by a fifth (20%) year-on-year and has now hit $600,000. 

While ransomware operators target organizations of all shapes and sizes, across all verticals, Arctic Wolf argues that legal, government, retail, and energy industries suffered most, with median demands surpassing $1 million. At the same time, businesses in manufacturing, business services, and education/non-profit, were the most common ones to appear on ransomware leak sites.

Abusing old flaws

Based on the insights from the company's threat, malware, digital forensics, and incident response case data, the report also claims AI tools have had a major role in the increase in threats, year-on-year.

As for Business Email Compromise, this type of attack rose at breakneck speeds this year, now outnumbering ransomware incidents by a factor of 10. Still, a ransomware incident is 15 times more likely than a BEC incident to lead to an incident response investigation.

Elsewhere in the report, Arctic Wolf argues that hackers aren’t that interested in looking for zero-day vulnerabilities. Instead, they’re more than happy abusing flaws found in the past, the researchers said, suggesting that everyone’s patching practices leave a lot to be desired.

In fact, vulnerabilities disclosed in 2022 or earlier now account for almost 60% of all incidents where the root cause was the exploitation of an externally accessible system.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.