The Alarming Rise of Ransomware: Understand the Growing Threat to Combat It
Written by: Ferhat Dikbiyik, Chief Research & Intelligence Officer
Black Kite just released our 2nd annual State of Ransomware Report, and one thing is clear: The threat of ransomware looms larger than ever before.
The numbers speak volumes. In the past year, ransomware attacks have nearly doubled over the previous year, with almost 4,900 businesses falling victim to extortion. It’s not just the frequency that’s alarming, but also the evolution of tactics. In fact, the landscape of ransomware attacks is more dynamic and dangerous than ever.
The key to staying ahead of a ransomware incident is to understand what bad actors operate and how their ecosystem has evolved. And it’s not just your company you need to be worried about. One surprising finding is that more than 30% of the ransomware incidents reported targeted companies with annual revenues below $20 million. Below the enterprise threshold, these are more likely third-party suppliers in the enterprise supply chain. Because of disruptive cascading effects, you’ll want to take proactive steps to protect your organization. Here are key findings from the report to help you do just that.
Ransomware trends & actors: 3 big takeaways
- Ransomware groups operate like businesses
Bad actors have morphed into sophisticated, organized crime organizations, operating with the precision and sophistication of legitimate tech businesses. From offering customer support (they’ll help victims through the process of paying their ransom) to employing recruitment strategies (to lure the best and brightest hackers from other groups), these criminal syndicates leave no stone unturned in their pursuit of profit. To further ensure profits, they are targeting economically prosperous countries like the United States. Industries most vulnerable to operational disruption, such as manufacturing and healthcare, are prime targets for ransomware attacks, presumably because they are more likely to pay the ransom than suffer the costly consequences of disruption. In other words, these ransomware groups are operating with business plans. - Ransomware crime is up
Not only has the number of ransomware reporting doubled in 2023 compared to 2022, but the number of incidents have been steadily increasing year-over-year since we first started following ransomware trends in 2021. It seems the business-like operating models of ransomware groups and their increased persistence is helping their tactics become incredibly effective.
Who they are targeting has also evolved. While there once seemed to be an unwritten code that organizations that offer critical human services were off-limits, this is no longer the case. We are seeing a stark rise in the number of attacks against healthcare related organizations. - Players are shifting and coordinating
Ransomware syndicates are constantly evolving, jockeying for position on the leaderboard and forming alliances to carry out more sophisticated and targeted attacks. We are also seeing affiliates switching between groups and repeat victims becoming increasingly common, showcasing the complex web of coordinated cybercriminal activity that shares resources, talent, and intel. The emergence of multi-operator collaboration among ransomware affiliates reflects a strategic evolution aimed at maximizing returns and mitigating risks.
Be proactive: See risk and how it can impact you
So what does this all mean for your company? You need to be proactive and stay on top of the ransomware susceptibility risk throughout your supply chain. You need to know in concrete terms: If your supplier is ransomed, how will it affect your business?
Black Kite’s Ransomware Susceptibility Index® (RSITM) provides the likelihood of a ransomware attack on your organization or on an organization in your supply chain and allows you to tailor your defense strategy accordingly. RSI™ follows a process of inspecting, transforming, and modeling collected from a variety of OSINT sources (internet wide scanners, hacker forums, the deep/dark web and more) to provide a susceptibility value on a scale between zero and one. Companies with a value above 0.8 are 27 times more likely to experience a ransomware attack than companies with a value below 0.2. This reliable data helps you avoid production, reputation, and financial losses.
Learn more about ransomware to stay ahead
In conclusion, the threat of ransomware is real, pervasive, and ever-evolving. As ransomware groups continue to refine their tactics and expand their reach, it’s up to organizations to stay one step ahead. By prioritizing proactive threat intelligence and investing in robust cybersecurity measures, businesses can safeguard their data, their operations, and their futures in an increasingly digital world.
Download the full report, State of Ransomware Report 2024: A Year of Surges and Shuffling, and get your free RSI rating to see where your organization stands in the likelihood of a ransomware attack. For more insights on how I interpret the findings in the report, read my blog, Decoding Ransomware Affiliates: Perspectives from an Industry Insider.
Get prepared and stay ahead of ransomware criminals. Check out the State of Ransomware Report 2024: A Year of Surges and Shuffling