3 Troubling Ransomware Trends You Need to Know About

July 20, 2023

Cybercriminals Are Making Strategic Moves to Make More Money

Businesses are facing constant pressure from enterprising cybercriminals, and cyberfraud is costing them more than ever before. The U.S. Federal Bureau of Investigation Internet Complaint Center (FBI IC3) Internet Crime Report 2022 showed that cyberfraud reported to that agency hit a new record level in 2022. Cyber-enabled fraud losses increased to $10.3 billion for the year, up a whopping 48% compared to 2021. To continue attacking businesses successfully, bad actors constantly evolve their tools, techniques and procedures (TTP). In this two-part series, we’ll take a look at six prominent cybercrime trends in the first half of 2023. The first three cybercrime trends we’ll look at are centered on the same idea: making strategic moves that maximize profit from time-sensitive industries and minimize risk for the bad guys.

Excerpted in part from our Mid-Year Cyber Risk Report 2023.

Cybercrime trend: Strategic supply chain attacks 

Victim: Micro-Star International (MSI) 

Date of initial report: April 12, 2023 

Exploit: Ransomware 

At the time we wrote: 

The Money Message ransomware group has added Micro-Star International (MSI), a maker of motherboards, graphics cards and other computer components, to its dark web leak site. The group said that they snatched a variety of proprietary data including the hardware vendor’s CTMS and ERP databases and files containing software source code, private keys and BIOS firmware. All told, the threat actors claimed to have stolen 1.5TB of data from MSI’s systems, and they’re demanding a ransom payment of $4 million.

The aftermath:  

In the days after the attack, the fallout got worse. MSI lost up to 1.5TB of sensitive data due to a security compromise, but it was not the only company impacted in the incident. MSI is a supplier of Intel. The data published by the ransomware gang also included leaked keys for Intel Boot Guard, a critical start-up safety check. Attackers could use the keys to bypass that check by signing malware so that it deploys under the guise of official MSI firmware. Researchers at Binarly determined that the stolen and leaked data included Intel Boot Guard keys for 166 different products as well as firmware image signing keys for 57 MSI products. The leaked keys could ultimately affect dozens of products from several companies, including Intel, Lenovo, and Supermicro. MSI urged users to obtain firmware/BIOS updates only from its official website to avoid trouble.

Cybercrime trend: Shutting down retail operations 

The classics never go out of style. Bad actors have been doing their best to disrupt operations at retailers of every size. One notable 2023 cybercrime trend is ransomware attacks against retailers with the aim of crippling their operations. One example is the February 2023 ransomware attack that took out digital and in-store retail operations at Canadian bookstore giant Indigo Books & Music. The chain has 86 superstores and 123 small-format stores throughout Canada. The attack threw the company’s stores into the pre-digital age, temporarily reducing the company to accepting only cash payments and eliminating all online operations. The goal of attacks like this is to cause a business disruption significant enough to force the victim to pay the ransom. However, many retailers do not pay (the preferred response of law enforcement and cybercrime experts), instead choosing to work their incident response and recovery plan to restore operations, the option Indigo apparently chose.

Victim: Indigo Books & Music 

Date of initial report: Feb. 8, 2023 

Exploit: Ransomware 

At the time of writing: Indigo Books & Music, Canada’s largest bookstore chain, has announced that it has experienced a cyberattack, suspected to be ransomware, that may have exposed customer data last week. The incident caused the company to make its website unavailable to customers and to accept only cash payments in stores. Gift cards were also unusable. Indigo cautions that there may be delays in shipped orders. The bookseller has not offered specifics as to the type of cyberattack that caused the problem or if any data was encrypted or stolen. An investigation and restoration of systems is ongoing.  

The aftermath: After further analysis, the incident was determined to be a ransomware attack by Lockbit. In a March 17, 2023, statement, Indigo said that its online and in-person operations had largely returned to normal. As of March 2023, an FAQ section on its site stated that the company may still be working to restore some systems. Indigo has offered employees affected by the attack a two-year subscription with TransUnion Canada. United Food and Commercial Workers International Union Local 1006A, a union that represents 200 employees of Indigo Books & Music, has called on the retailer to disclose more information about the attack and offer more employee support. 

Cybercrime trend: Major service disruptions 

Ransomware attacks on big, public-facing service providers are a cybercriminal favorite, and they’ve been a major cybercrime trend in 2023. The February 2023 attack on TV and telecom service provider Dish Network is a fitting example of that tactic. In one fell swoop, bad actors knocked out television and phone service for a wide swathe of Americans. The goal here was to wring a large ransom payment out of the victim quickly while its customers complained about the service disruption, impacting the company’s reputation.  

Victim: Dish Network 

Date of initial report: March 7, 2023 

Exploit: Ransomware 

At the time of writing: Major U.S. satellite television provider Dish Network has been knocked off the air by a suspected ransomware attack. Customers first noticed the service outage last Thursday and the problem persisted through the weekend. The outage appears to affect most parts of the company, including online bill payment services, customer service and Boost Mobile, the prepaid wireless carrier Dish acquired in 2020. Dish has not made a formal statement about the incident and no ransomware group has claimed responsibility.  

The aftermath: Beyond the multiday service outage that drew unflattering press attention, Dish Network has had other major problems to contend with due to this incident. The company’s investigation uncovered that an estimated 300,000 customers had their personal data stolen in the attack. Dish subsequently told customers it did not have evidence that their stolen data had been misused. Instead, the company said that it received assurance that the data was deleted. This points to the unfortunate likelihood that Dish paid the ransom. The company is also facing a slew of class-action lawsuits from investors. 

Kaseya’s Security Suite helps protect businesses from sophisticated cyberthreats 

With Kaseya’s Security Suite, major protection from today’s most dangerous and damaging cyberattacks, like the ones behind these ransomware trends, doesn’t have to come with a major price tag.

Dark Web ID — Our award-winning dark web monitoring solution is the channel leader for a good reason: it provides the greatest amount of protection with 24/7/365 human- and machine-powered monitoring of business and personal credentials, including domains, IP addresses and email addresses.  

BullPhish ID — This effective, automated security awareness training and phishing simulation solution provides critical training that improves compliance, prevents cyberattacks and reduces an organization’s chance of experiencing a cybersecurity disaster by up to 70%.  

Graphus — Graphus is a cutting-edge, automated email security solution that puts three layers of AI-powered protection between employees and phishing messages. It works equally well as a standalone email security solution or supercharges your Microsoft 365 and Google Workspace email security.   

Kaseya Managed SOC powered by RocketCyber — Our managed cybersecurity detection and response solution is backed by a world-class security operations center that detects malicious and suspicious activity across three critical attack vectors: endpoint, network and cloud.   

Datto EDR — Detect and respond to advanced threats with built-in continuous endpoint monitoring and behavioral analysis to deliver comprehensive endpoint defense (something that many cyber insurance companies require).
