Cybercriminals continue to weaponize vulnerabilities faster than ever at a persistent pace. According to a survey by Sophos, 66% of organizations globally were the victims of a ransomware attack last year, a 78% increase from the year before.
Ivanti's latest index found that compared to the end of 2021, there's been a 7.6% jump in the number of vulnerabilities associated with ransomware in Q1, 2022.
The report uncovered 22 new vulnerabilities tied to ransomware (bringing the total to 310), with 19 being connected to Conti, one of the most prolific ransomware groups of 2022.
According to Ivanti's report, around the world, vulnerabilities connected to ransomware have increased in two years from 57 to 310.
The Goal of Ransomware Designer: Make Payloads More Lethal and Imperceptible
The primary design goal of ransomware creators is to make quick and undetected ransomware infiltration of a network. But based on Ivanti's latest report, ransomware groups concentrate on evading detection while capitalizing on data gaps and long-standing gaps in legacy CVEs.
"Threat actors are increasingly targeting flaws in cyber hygiene, including legacy vulnerability management processes," said Srinivas Mukkamala, senior VP and general manager of security products at Ivanti, as cited by VentureBeat.
Mukkamala added that at present, many security and IT teams struggle to identify the real-world risks that vulnerabilities pose and therefore improperly prioritize vulnerabilities for remediation.
According to VentureBeat, making ransomware payloads more lethal and imperceptible is a reliable revenue source for cybersecurity gangs and Advanced Persistent Threat (APT) groups.
In 2020, $692 million was made in ransomware payments. This is nearly twice what Chainalysis initially identified by tracking publicly available data.
Based on the Ivanti report, 11 vulnerabilities tied to ransomware were undetectable by popular scanners. Before releasing them into the wild, ransomware creators with advanced skills are doing regression testing and the equivalent of software quality assurance on their bots, payloads, and executables.
According to VentureBeat, during Q1 of this year, three new APT groups began deploying ransomware Exotic Lily, APT 35, and DEV-0401. Ransomware creators also made four new ransomware families (AvosLocker, Karma, BlackCat and Night Sky) attack their targets.
Read Also: A US College To Shut Down for Good Following a Ransomware Attack
If Hit by a Cyberattack, Report Says 88% of Business Leaders Would Pay the Ransom
Meanwhile, based on a new report by Kaspersky, in 88% of organizations around the world that were previously attacked by ransomware, business leaders said they would choose to pay a ransom if faced with another attack.
In a separate report by VentureBeat, it was said that in companies that had paid ransoms in the past, 97% were willing to do it again, while only 67% across organizations that have yet to be victimized would be willing to pay.
Moreover, companies hit in the past were more willing to pay as soon as possible to get immediate access to their data.
The Kaspersky report showed that almost two-thirds (64%) of companies have experienced ransomware attacks, and 66% said they anticipate that one will happen at some point. They believe it is more likely to happen than other common attack types, such as DDoS, supply-chain, APT, cryptomining, or cyber espionage.
Since it doesn't guarantee you get your data back and it encourages criminals to continue their business, experts encourage victims never to pay ransoms.
Experts instead recommend that they report incidents to local law enforcement. Companies can also take preventative measures, including setting up offline backups, keeping software on all corporate devices up to date, enabling ransomware protection on all endpoints, and focusing defense strategy on detecting lateral movements and data exfiltration to the internet.
Related Article: Heart Doctor Accused of Creating Two Ransomware Strains
