Why Ransomware will grow bigger and uglier in 2024
Schneider Electric, a French multinational energy management firm, recently confirmed that its sustainability business division suffered a ransomware attack. The attack, which occurred on January 17, involved the deployment of the Cactus ransomware, a strain known for targeting industrial organisations.
Schneider is not the only company to fall victim to ransomware in recent months. Another multinational conglomerate, Johnson Controls, also confirmed that a ransomware attack in September 2023 cost the company $27 million in expenses and resulted in a data breach. The attack forced the company to shut down significant portions of its IT infrastructure, which had an impact on customer-facing systems.
On December 20, Indian IT major HCL Technologies reported that one of its projects had been hit by a ransomware attack in an isolated cloud environment. The company assured stakeholders that, despite the attack, there had been no discernible impact on its overall network.
Ransomware attacks have been a persistent threat in recent years, and experts believe they will continue to increase in 2024. A report published by Check Point Research on January 19 reveals that an astonishing 1 in every 10 organisations worldwide experienced attempted ransomware attacks in 2023, a surge of 33% from the previous year.
The researchers also noted a shift in the execution strategies of ransomware attacks. While the traditional focus was on encrypting victim data and demanding ransom for its release, an increasing number of cybercriminals in recent months have concentrated more on data theft, followed by extortion campaigns that did not necessarily involve data encryption but rather threats of public disclosure of the stolen data.
The report also found that essential manufacturing is an actively targeted sector, along with business services, construction, retail, energy, utilities, and telecommunications.
Experts have observed that the exfiltration of files and unauthorised extraction of sensitive information have become the primary sources of extortion, rendering file backup solutions insufficient as ransomware protection strategies. In fact, adversaries are shifting from phishing to vulnerability abuse to deploy ransomware within a business's internal network, according to the report.
Sharda Tickoo, the technical director for India & SAARC at Trend Micro, has stated that ransomware attacks are becoming more complex and sophisticated. She has highlighted the dangerous phenomenon of Ransomware-as-a-Service (RaaS), which is a pay-for-use subscription model advertised on the dark web. This allows anyone to log in and purchase off-the-shelf ransomware kits to launch an attack. Tickoo has also noted that double extortion, where threat actors not only encrypt a victim's sensitive data but also exfiltrate it, has become the norm. This gives the criminal additional leverage to collect ransom payments.
Sometimes, a single cyber-attack through RaaS involves multiple cybercriminals working at different stages, making it difficult to hold any single group accountable for the attack. There are instances where two separate ransomware gangs collaborate on a cyber-attack, known as double encryption.
Dean Houari, the director of security technology and strategy at Akamai, has suggested that businesses should adopt a zero-trust architecture to effectively protect their critical assets and business reputation and to ensure business continuity, regardless of the type of attack tool deployed by cybercriminal gangs.
Subbu Iyer, the regional director for India and SAARC at Forescout Technologies, has attributed the increase in ransomware attacks to the ongoing "digital transformation wave." However, he believes that cybersecurity teams in most companies are understaffed and under-resourced. Iyer added that poor knowledge of digitisation, lack of cyber skills, and inadequately trained cybersecurity professionals are some of the factors contributing to elevated cyber threats.
Meanwhile, cybersecurity firm Barracuda Networks said in a report published on 31 January that the annual cost of responding to cybercrime for businesses can soar to as much as $5 million in the next 12 months.
Experts believe large organisations, unique product suppliers, and major logistics companies will face increased risks, with potentially severe economic and social consequences. Attacks will also hit critical infrastructure and municipal services.
Moreover, ransomware groups will continue to target operating systems and platforms such as Linux or ESXi machines at a greater scale.
The potential for disruption and financial loss will be significant unless organisations prioritise robust backup solutions, employee training, and vulnerability assessments to mitigate the impact of ransomware.