Ransomware actors have significantly expanded their tactics beyond data encryption and exfiltration, according to a new Barracuda report.
Other activities most frequently undertaken by ransomware groups during incidents in the past 12 months include:
- Wiping backups and/or deleting shadow copies of files (37%)
- Installing additional malware/payloads (29%)
- Infecting multiple endpoints such as computers or servers (26%)
- Threatening partners, shareholders or customers (22%)
- Threatening to alert the authorities and/or the press (21%)
- Threatening staff (16%)
Only a quarter (24%) of ransomware incident involved the encryption of data.
Data was stolen and either leaked or retained in 54% of cases analyzed.
These multidimensional tactics appear largely designed to exert more pressure on victims to pay, both by making it harder for them to restore their data without paying and increasing the potential consequences of not giving into attacker demands.
The findings follow a report by Semperis published in July which found that executives were physically threatened in 40% of ransomware incidents, while attackers threatened to file regulatory complaints against victim organizations in 47% of cases.
Impacts of Ransomware Attacks Growing
Partly due to the range of activities performed by attackers, the report found that ransomware victims multifaceted operational and commercial repercussions.
The top impact cited by respondents was damage to their brand and reputation (41%), followed by downtime (38%), recovery costs (36%) and losing sensitive data (34%).
Over half (57%) of organizations surveyed admitted experiencing a successful ransomware attack in the past 12 months.
Of these, 31% were hit twice or more.
Around a third (32%) of victims said they paid the attackers to recover or restore data, rising to 37% among organizations affected twice or more.
Of those that paid, 41% failed to recover all their data. This is due to multiple factors, including the decryption tools provided by the attackers not working, files being damaged during encryption and decryption processes and threat actors simply taking the money without providing a recovery mechanism.
Around two-thirds (65%) were able to restore data from backups following a successful ransomware attack.
Fragmented Security Commonplace in Ransomware Victims
The Barracuda report, published on August 5, also found that 74% of repeat ransomware victims complained that they are juggling too many security tools.
Additionally, 61% said their tools don’t integrate, disrupting visibility and creating blind spots where attackers can hide.
The most widely deployed security measures were email security (52%), network security (52%) and security awareness training (48%).
The study surveyed 2000 senior security decision-makers in organizations with between 50 and 2000 employees across a broad range of industries and countries.
