Ransomware groups are once again targeting smaller businesses for more lucrative payouts

Lower-hanging fruit represents a far more lucrative revenue stream for groups such as LockBit



Security experts have said ransomware groups are once again prioritising attacks on smaller organisations as they look to target those with less mature security capabilities.

Analysis from Trend Micro has shown that ransomware gangs such as LockBit, Cl0p, and Black Cat are slowing down attacks against ‘big game’ targets, such as multinationals, and focusing their attention on smaller organisations.

Organizations “of up to 200 employees” – those within the small-to-medium-sized range – accounted for the majority (575) of attacks using LockBit’s ransomware across H1 2023.



Similar trends were observed with rivals in the ransomware-as-a-service (RaaS) space, the report noted. Nearly half (45%) of Black Cat victims were in the same size range while 27% of attacks on smaller organizations were waged by Cl0p.

Cl0p remains an outlier in this sense, however. Across H1, half of all attacks attributed to the group were focused on “larger enterprises”.

The group was responsible for the devastating GoAnywhere breach, as well as the MOVEit cyber attack earlier this year that impacted hundreds of organisations globally, including the BBC, British Airways and Boots.

This heightened focus on smaller organisations is due to a combination of factors, according to Bharat Mistry, technical director at Trend Micro.

Speaking to ITPro, Mistry said that traditional perceptions of lax SME security practices and an inability to adequately invest in robust security capabilities are prompting an increase in attacks.

“The first angle to this is that there’s a perception that SMEs are not going to be fully equipped, they’re cash-strapped more than likely, and spending money on cyber technology doesn’t really add to the bottom line,” he said. “Every penny counts.”

“So, from a cyber defense and maturity point of view, they feel like easy targets to go after.”

A ‘lower entry to market’ for mid-tier or emerging groups capitalising on RaaS is also a key factor here, Mistry noted, and is creating a confluence of threats for businesses.

Why smaller organisations are being targeted with ransomware

The underlying factors in this recent surge, Mistry said, are current economic conditions in the West, as well as the end of a lull period across 2022 as the Covid-19 pandemic petered out.

“I would say the pandemic has probably had a part to play, but we’re at the other side of that now,” he said.

“The economic climate is also a big factor. When you look at the countries that are most impacted, it’s really North America, so the US and Canada, and Western Europe.

“Nowhere in the Far East. We can see they’re going after places where there’s plenty of cash, but they’re also thinking we’ve got access to resources and technology so why not have a go.”

Future Publishing


National Cyber Security