Ransomware Attacks Show No Signs of Slowing Down in 2023

---

The Pressure is Ratcheting Up on Companies Worldwide

---

The global cybersecurity community in 2023 is witnessing waves of cybercriminal activity that have placed thousands of organizations in peril. More specifically, cybercriminals have been capitalizing on ransomware attacks to antagonize small and large businesses, demanding huge sums in exchange for decryption keys and the deletion of stolen data. Within the first two quarters, bad actors extorted a little under half a billion dollars from their victims — a 64% increase since 2022.

If the frequency and severity of ransomware attacks continue at the same rate as they have been for the rest of the year, cybercriminals could rake in close to $900 million by the end of 2023. With hundreds of organizations currently facing supply chain attacks, Ransomware-as-a-Service (RaaS) threats and double extortion, the question is why is there such a steep climb in the number of ransomware attacks?

---

---

Cybercriminal gangs and the uptick in ransomware attacks

---

Although cybersecurity professionals and regulatory authorities across the world are constantly striving to develop effective countermeasures to stave off cybercriminals, the substantial increase in ransomware attacks this year knocked everyone off their heels.

Cybercriminals often form gangs to improve their efficiency and expand their base of operations, predominantly targeting organizations in the banking, financial and legal sectors. This is because customers trust such businesses with their personally identifiable information (PII) and financial data — precisely the kind of loot cybercriminals are after.

Here’s a list of some famous cybercriminal gangs that follow the RaaS and double extortion approach to achieve their malicious goals:

• LockBit: Responsible for launching a successful ransomware attack on the French Ministry of Justice, among many other institutions and financial organizations. LockBit is highly notorious and targets businesses on a global scale. The group is currently one of the most active RaaS gangs, logging around 97 attacks in June alone.
• Cl0p: If you’re even remotely savvy with the IT world, you’ve most probably heard of this group. Cl0p is the gang behind the infamous MOVEit Transfer hack, which affected over 500 companies and 34 million individuals worldwide. Cl0p is reported to have launched 91 attacks so far, although that may slow down after the MOVEit exploit, which has seen them extort over $75 million to date. The group is presently utilizing torrents to leak data, increasing their chances of evasion.
• REvil: Although out of commission since May 2022, this group rose to fame through its bold attacks on some of the biggest enterprises, including JBS Foods. While most other companies emerged from the attacks relatively unscathed, JBS Foods paid $11 million in Bitcoin and was forced to shut down operations for a while.
• BlackCat/ALPHV Ransomware: A dominant strain of ransomware in 2023, this group is responsible for successfully attacking over 60 businesses — non-profit and for-profit alike — regardless of their industry. BlackCat grew so bold as to attack Carinthia, a federal state in Austria, and demanded $5 million in exchange for the decryption key. The Carinthian government had to halt all its operations, such as issuing new passports or traffic fines and even had to freeze its official website.

---

---

The Booming Dark Web Economy is Bad News for Businesses

---

Today, the dark web is the world’s third-largest economy, and unlike the economy in many places, it is not experiencing any downturn. In fact, it’s growing at an alarming rate. Cybersecurity Ventures predicted that the dark web would inflict about $6 trillion in damages worldwide in 2021, placing the dark web economy just behind the United States and China, the top two world economies. The same experts also see global cybercrime costs growing by 15% per year over the next five years, reaching $10.5 trillion annually by 2025, up from $3 trillion in 2015.

There are two important things to note about RaaS gangs. To begin with, the prominent gangs mentioned above are all known to be primarily comprised of Russian hackers, most of whom have been suspected of being funded by the Russian government. Secondly, the gangs often make and sell their malware to other bad actors as well as recruit other gangs, called affiliates, to perpetrate attacks. Considering all these facts, cybersecurity professionals have attributed the surge in ransomware attacks in 2023 to the ongoing Russo-Ukrainian war and the increased availability of malware and artificial intelligence tools for cybercriminals.

---

---

Supply Chain Attacks Endanger Every Business

---

Businesses don’t just have to worry about cyberattacks on their organization. They also have to worry about the complications coming their way for cyberattacks on their partners, service providers and suppliers. This is because today’s cybercriminals are inclined to go after the entire supply chain — and once they’re in, hackers can create a world of financial and legal trouble.

Presently, ransomware seems to be the go-to attack for cybercriminals perpetrating supply chain attacks. Over half (52%) of global organizations know that one of their suppliers or partners has been affected by ransomware.  Moreover, ransomware gangs like to target strategically positioned companies with access to a large digital supply chain to extort larger amounts of money.

The MOVEit Transfer attack spree is a perfect example. When ransomware gang Cl0p discovered a zero-day vulnerability in Progress Software’s MOVEit file transfer software, they were able to exploit it to perpetrate cyberattacks on over 500 organizations. The gang was able to compromise Progress’s entire supply chain and hack into its customers’ IT environment. From there, Cl0p launched devastating third-party cyberattacks on businesses that used MOVEit. This hack has caused data exposure for some big names including British Airways, The Teachers Insurance and Annuity Association of America (TIAA), Shell Oil and the BBC.

Protecting your organization against ransomware attacks is incredibly challenging, and cybersecurity authorities, agencies and professionals have learned that it is time to become more proactive to remedy the situation.

---

---

Datto EDR’s Ransomware Rollback is a Game-Changer

---

Investing in cybersecurity solutions that preserve your data and business continuity is essential in this modern, ever-evolving threat landscape. While ransomware attacks can certainly spell doom for your business, it doesn’t have to be the result of a vulnerability in your network.

That’s why you need a heavily layered cybersecurity approach to keep threats at bay — and that’s where Datto EDR comes in.

Datto EDR is the world’s leading endpoint detection and response (EDR) solution, designed to protect you from the most sophisticated attacks. Its built-in, continuous endpoint monitoring and behavioral analysis offers unparalleled endpoint defense. In addition, this cloud-based EDR solution now features Ransomware Rollback as well.

Ransomware Rollback is a unique and powerful antimalware technology that identifies known and unknown types of ransomware and kills the encryption process once an attack begins. It is a lightweight software that tracks changes on endpoint disk space, providing rollback functionality for files and databases impacted by ransomware attacks. The feature is architected to restore deleted files, such as those hit by a wiper attack or files deleted by accident. It truly is the best defense against ransomware attacks and your best shot at warding off cybercriminals.

To learn more, visit ID Agent and Datto EDR.

---

---

---

---