Ransomware threats are surging once again - here's what your business needs to know

News
By
published

Here is when the ransomware usually strikes

Lock on Laptop Screen
(Image credit: Shutterstock.com) (Image credit: Future)

2023 was a big year for ransomware, with the number of threats rising after a two-year decline, breaking a six-year record, new research has claimed.

A report from Mandiant has revealed the rising popularity of ransomware-as-a-service (RaaS), also means the barrier for entry has been severely reduced, and as a result, the number of victims posted on data leak sites rose substantially.

As per the paper, there has been a 75% increase in the number of businesses posted on data leak sites between 2022 and 2023, with organizations across 110 countries affected.

Bye bye, Cobalt Strike

Many old and known ransomware families have also been getting new variants, signaling ongoing development and resource sharing among the cybercriminal community. In fact, roughly a third of all new ransomware families Mandiant observed and tracked in 2023 were variants of previously identified versions.

Mandiant also says that while ransomware variants are changing, the attackers are also pivoting to new tools when it comes to initial access. While in earlier years, malicious tools were dominating, they are now slowly being replaced with legitimate tools being used for malicious purposes. Most notably, Cobalt Strike, a super popular threat emulation tool that was essentially hijacked by cybercriminals, is slowly being phased out. In its place are now multiple legitimate remote access tools. 

Hackers are also moving faster than before, cutting down on dwell time and deploying ransomware sooner, Mandiant says. In almost a third of incidents, ransomware was deployed within 48 hours of initial attacker access, which means threat actors are now better at mapping out IT infrastructure, networks and systems. 

Finally, they are still running encryptors in the after-hours: more than three-quarters (76%) of all ransomware deployments happened outside of work hours, usually in the early morning.

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.