According to Kaspersky, the number of attempted ransomware attacks detected in 2022 reached over 74.2 million, marking a 20% increase compared to the previous year (61.7M). While early 2023 showed a slight decline in the overall number of attacks, the attacks that did occur were more sophisticated and targeted.
This prompted Kaspersky today, on global Anti-Ransomware Day, to reflect on the events that shaped the ransomware landscape in 2022 and draw from that to predict trends for the rest of 2023.
Looking back at the previous year’s report, three key trends were identified:
- Threat actors were focused on the development of cross-platform ransomware, which affects and encrypts files on multiple operating systems. This led to the discovery of “RedAlert/N13V” which is focused on non-windows platforms and halted VMs in ESXi environments, a technology commonly used in data centres and cloud computing.
- The ransomware ecosystem became more “industrialised”, with ransomware groups such as BlackCat using websites resembling breached organisations’ domains to lure victims checking ‘have-I-been-pwned’ to pressure their organisations into paying the ransoms.
- Ransomware groups have taken sides in geopolitical conflicts. One notable case for example is called Eternity which is a whole malware ecosystem. Eternity ensures that it does not affect users in Ukraine, saying “guys who send malware to Ukraine will be banned,” in an internal message board revealed by Securelist. This reveals the complex nature which motivates ransomware attacks in today’s geopolitical landscape.
Looking forward to 2023, Kaspersky says it predicts three major trends. The first is increased embedded functionality with ransomware. This includes self-spreading mechanisms which have been widely observed in recent attacks. The second is the continued abuse of vulnerable drivers, such as antivirus drivers. The last prediction is ransomware gangs adopting code from other families to attract more affiliates and improve their offensive capabilities.
Although ransomware incidents decreased slightly between 2021 and 2022, it remains a top challenge, according to Kaspersky’s Global Emergency Response Team. The amount of ransomware attacks may have declined but instead attacks now focus on more vulnerable targets.
As ransomware continues to evolve, organisations and security specialists are advised to update software when available, employ tailored security solutions, and keep their knowledge of ransomware tactics up to date. The threat landscape remains challenging, and staying vigilant against emerging trends and tactics is crucial for effective defence against ransomware attacks, according to Kaspersky.