Ransomware Attacks on the Rise
Cybercriminals took in $1.1 billion from ransomware attacks in 2023, a new global record that doubles the previous year’s $567 million, according to new data from Chainalysis, a blockchain analysis firm.
“The growth of ransomware revenue is disappointing following the sharp declines we covered last year and suggests that perhaps ransomware attackers have adjusted to organizations’ cybersecurity improvements,” said Chainalysis in a blog post on its 2024 Crypto Crime report.
The 2022 numbers reflected a steep drop in ransomware revenues, down from $983 million in 2021, and were likely an “anomaly,” the firm said. Chainalysis attributed the 2022 dip to Russia-based threat actors’ focus on the war in Ukraine, along with law enforcement efforts estimated to have prevented about $130 million in ransom payments.
However, 2023 was a “watershed” year for ransomware, with a renewed focus on hospitals, schools, and government entities, according to the report. The $1.1 billion is an “unprecedented milestone,” marked by a strong uptick in frequency, scope, and volume of attacks and the number of threat actors carrying them out, Chainalysis said.
The size of ransom payments increased steadily between January 2021 and December 2023, Chainalysis noted, with more and more payments exceeding $1 million. Threat actor behavior runs the gamut, with ransomware gangs like Cl0P (perpetrators of the MOVEit attacks) conducting fewer attacks with bigger paydays.
The 2023 ransom payment figures also don’t capture the full economic impact of ransomware and may even increase in the future, the firm added.
“It is important to recognize that our figures are conservative estimates, likely to increase as new ransomware addresses are discovered over time. For instance, our initial reporting for 2022 in last year’s crime report showed $457 million in ransoms, but this figure has since been revised upward by 24.1%,” Chainalysis said.
To avoid a report of entirely bad news, the firm also emphasized the real impact that collaboration among international law enforcement agencies is having on ransomware. 2023 included some “significant victories,” Chainalysis said, citing the Hive takedown and BlackCat disruption.
How to Protect Yourself from Ransomware
There is no silver bullet, but the best defense is a layered security approach. Most ransomware breaches are caused by:
Social Engineering and Phishing Campaigns:
Train yourself and your employees on the red flags to look for in emails. Links and attachments are the most dangerous parts of an email. If the email wasn’t expected, even if you think you know the sender, pick up the phone and call to verify.
Unpatched Software:
Set your software to patch automatically, if possible. If that is not possible, develop a patch process that quickly evaluates and pushes out security updates. Most research following a breach finds that the software responsible for letting the bad guys in had a security patch that just hadn’t been applied.
Proactively scan your network for vulnerabilities or hire a reputable firm to do so. This step can help find holes in your network before attackers do.
Credential Theft:
This is usually a key piece of an attack. Attackers can steal credentials to sell and/or use in future attacks.
Long passphrases (25+ characters) are a good deterrent. Use a statement about yourself that is easy to remember, using proper sentence structure including spaces and punctuation.
Don’t log in unless you fully understand what you’re logging in to. If you click a questionable link and are asked to log in, it’s possible you’ve clicked a phishing link and an attacker is going to capture any credentials you enter into the login box. If you click an attachment and are asked for your password to unlock the attachment, pause and think about whether this request is legitimate.
Never reuse passwords on multiple systems. If a breach occurs, your account is now compromised across all the sites where you’ve used this same password.
Remotely Accessible Consoles:
Always protect remotely accessible consoles with as many controls as you can. Without controls in place, a hacker can attack you from the convenience of their home. Multifactor Authentication (MFA) is a strong control that should be utilized for all remote connections whenever available. IP whitelisting, or only allowing connections from specific IP addresses, is another great control that should be used whenever available.
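As an added illustration of the two controls above (not part of the original article), the following Python sketch audits an inventory of remotely accessible consoles for missing MFA and for missing or overly broad IP allowlists. The console names, the inventory format, the sample networks, and the MAX_HOSTS threshold are all assumptions made for this example.

```python
import ipaddress

# Constructed sample inventory; names and networks are illustrative only.
CONSOLES = [
    {"name": "vpn-gateway", "mfa": True, "allow": ["203.0.113.0/28"]},
    {"name": "rdp-jumpbox", "mfa": False, "allow": ["198.51.100.7/32"]},
    {"name": "fw-admin-ui", "mfa": True, "allow": ["0.0.0.0/0"]},
    {"name": "backup-console", "mfa": True, "allow": []},
]

MAX_HOSTS = 256  # assumption: anything wider than a /24 deserves review


def audit_console(console):
    """Return a list of findings for one remotely accessible console."""
    findings = []
    if not console["mfa"]:
        findings.append("MFA not enforced")
    if not console["allow"]:
        findings.append("no IP allowlist configured")
    for entry in console["allow"]:
        net = ipaddress.ip_network(entry, strict=False)
        if net.prefixlen == 0:
            # A /0 entry matches every address, so the allowlist filters nothing.
            findings.append(f"{entry} allows the whole internet")
        elif net.num_addresses > MAX_HOSTS:
            findings.append(f"{entry} is broad ({net.num_addresses} addresses)")
    return findings


def is_allowed(console, source_ip):
    """Deny by default: True only if source_ip is inside an allowlisted network."""
    addr = ipaddress.ip_address(source_ip)
    return any(
        addr in ipaddress.ip_network(entry, strict=False)
        for entry in console["allow"]
    )


def audit_all(consoles):
    """Map each console name to its list of findings (empty list means OK)."""
    return {c["name"]: audit_console(c) for c in consoles}


if __name__ == "__main__":
    for name, findings in audit_all(CONSOLES).items():
        print(f"{name}: {'OK' if not findings else '; '.join(findings)}")
```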
The U.S. Government launched a website to help public and private organizations defend against the rise in ransomware cases: StopRansomware.gov. Check out this website for more tips and guidance about ransomware attacks, how to build a strong defense, and attack recovery strategies.
Being in the know is the first step to protecting yourself and your business from cyber fraud. Choice Bank is committed to providing you with up-to-date resources and tips to help you stay informed. Learn more at bankwithchoice.com/cybersecurity.