The resurgence of ransomware that is currently plaguing enterprises and giving cybersecurity companies a headache may have a cause - 'off-the-shelf' ransomware.
That's according to antivirus platform Kaspersky, which released a report detailing a surge in ransomware attacks utilising leaked code.
The report highlights the growing threat posed by ransomware groups leveraging leaked source code and tools from disbanded or defunct larger organisations.
Ransomware report’s findings
The research, conducted by Kaspersky's Global Research and Analysis Team (GReAT), reveals a 30% increase in targeted ransomware groups compared to 2022, with known victims of their attacks rising by a staggering 71%.
Notably, the LockBit 3.0 ransomware emerged as the most frequently encountered malware in organisations' systems in 2023, largely due to the leak of its builder in 2022.
This leak enabled various independent groups to create custom ransomware variants, which were then used to target organisations worldwide.
The BlackCat/ALPHV and Cl0p ransomware groups followed as the second and third most active threats, respectively.
Off-the-shelf threat
This trend towards 'off-the-shelf' ransomware and affiliate programmes is dramatically altering the cybercrime landscape.
Off-the-shelf ransomware refers to pre-packaged malware kits that can be purchased and deployed with minimal technical expertise.
These kits often come with user-friendly interfaces, making them accessible to a broader range of potential attackers.
Affiliate programmes, on the other hand, operate on a Ransomware-as-a-Service (RaaS) model.
In this setup, ransomware developers provide their malware to 'affiliates' for a subscription fee or a percentage of the ransom payments.
This model allows cybercriminals to specialise in different aspects of an attack, from initial access to ransom negotiation, increasing overall efficiency and profitability.
“The barrier to entry for launching ransomware attacks has plummeted. With off-the-shelf ransomware and affiliate programs, even novice cybercriminals can pose a significant threat,” comments Jornt van der Wiel, a Senior Cybersecurity Researcher at Kaspersky’s GReAT.
The research also uncovered a significant shift in the ransomware ecosystem. This democratisation of ransomware capabilities has led to a more diverse and unpredictable threat landscape.
Smaller, more elusive groups are emerging, making it increasingly difficult for cybersecurity professionals and law enforcement to track and mitigate threats effectively.
From high-profile breaches affecting critical sectors to attacks on small businesses, the impact of ransomware continues to expand.
To mitigate risks, Kaspersky recommends implementing robust security solutions, conducting regular system updates and backups, providing comprehensive cybersecurity training to employees, and utilising threat intelligence to stay ahead of emerging tactics.
In addition, Kaspersky has issued five points it recognises as common points of entry:
- Provide staff with basic cybersecurity hygiene training, including simulated phishing attacks to improve email threat recognition
- Implement protection solutions for mail servers with anti-phishing capabilities to reduce the risk of infection through phishing emails
- Use endpoint protection solutions with anti-phishing features to enhance security against email-based threats
- If using cloud services like Microsoft 365, ensure appropriate security measures are in place, including protection for communication and file-sharing apps
- For small businesses, consider lightweight, easy-to-manage security solutions that offer effective protection against phishing and malware
- Implement a comprehensive security solution for small and medium businesses that includes file, mail, network, and web threat protection features