A new report from Delinea shows that, while still not back to 2021 levels, ransomware attacks are increasing.
What’s more, mid-sized companies appeared to be in cybercriminals’ sights the most, with 65 percent saying they’ve been a ransomware victim over the past 12 months. Organizations are also paying ransoms more frequently, up to 76 percent from 68 percent the prior year.
There’s also been a shift in the tactics of attackers, with data exfiltration registering a surge of 39 percent (reported by 64 percent of respondents, up from 46 percent). Exfiltration has become a preferred goal for attackers, who are now gaining control of a company’s network to download sensitive data to sell on the dark web. This trend is also evidenced by a significant downturn of traditional money grabs as the main motivation (34 percent, down from 69 percent the year before).
“Ransomware certainly appears to have reached a critical sea change — it’s no longer just about the quick and easy payout,” says Rick Hanson, president of Delinea. “Even as organizations are investing more in safety nets like cyber insurance which often have ransomware payouts included in coverage policies, cybercriminals are finding that using stealth tactics to stay under the radar and access sensitive, valuable information to sell is the better investment of their effort.”
Attack vectors have shifted too, away from email as a preferred route (down from 52 percent to 37 percent) and toward cloud (44 percent) and compromised applications (39 percent). By taking this more covert approach, attackers can remain undetected for longer and gain continuous access to systems and data, enabling them to ramp up the damage when they choose.
When it comes to combating the threat, 91 percent say they have specific budget allocations for ransomware, up from 68 percent in 2022, but only 61 percent (down from 76 percent) say security budgets were allocated following an attack, which could be due to economic uncertainty or tighter budgets. Despite feeling they could bolster defenses by spending more on critical areas like privileged access management (28 percent, up from 16 percent), respondents seem to lack clarity on how increased spending would help improve security. On a positive note, executives and boards are now listening, as 76 percent reported that their leadership is concerned about ransomware, but perhaps only after an attack.
“The changing strategies and tactics in ransomware attacks require a layered approach to security that mitigates the risk of unauthorized access, even when credentials are compromised,” says Joseph Carson, advisory CISO and chief security scientist at Delinea. “It also shows the critical role privileged access plays in overall cybersecurity postures.”
The full State of Ransomware 2024 report is available from the Delinea site.