Ransomware attacks in 2022 - Protection Measures

Ransomware attacks in 2023-2024 – Protection Measures

The majority of ransomware attacks began with the exploitation of public-facing applications, data retrieval from compromised user accounts, and malicious emails, a new report by Kaspersky reveals.

According to the IT Security Economics report, over 40% of companies faced at least one ransomware attack in 2022, and small to medium-sized businesses spent on average $6,500, while large companies paid $98,000 to return to their activities. These figures reveal that ransomware attacks continue to be widespread and can strike any company at any time.

Statistical data from Kaspersky’s Incident Response Analyst Report “The Nature of Incidents in Cyberspace” show that nearly 43% of the ransomware attacks investigated by Kaspersky experts in 2022 began with the exploitation of public facing applications, followed by data from user accounts that had been compromised in the past and malicious emails with 24% and 12% respectively. The aim of the invaders was not extortion or data encryption, but the extraction of personal data, intellectual property, and other sensitive information. In most of these cases, the known credentials had already been compromised and there were no objects left for analysis by the time the crime was discovered due to the policies of switching log files, therefore it was not possible to investigate how these data leaked.

The report also revealed that the longest-lasting ransomware attacks began with the exploitation of public-facing applications (open to the public), with just over 2% of them lasting for a year and more.”

Expanding on the above information:

Ransomware is a type of malicious software (malware) that encrypts a victim’s files. The attacker then demands a ransom from the victim to restore access to the data upon payment. The methods of ransomware attack in 2022, as detailed in this report, include exploiting vulnerabilities in publicly accessible applications, taking data from previously compromised user accounts, and sending malicious emails.

The report states that over 40% of companies have encountered at least one ransomware attack in 2022, highlighting the prevalence of such threats. Costs associated with these attacks vary, with smaller businesses spending an average of $6,500 to recover, while larger corporations expend significantly more – $98,000 on average. This cost includes ransom payments, system restoration, downtime, and other associated costs such as crisis management and reputation damage control.

The attackers’ primary goal was not simply to encrypt data for ransom but also to extract valuable information like personal data and intellectual property. This shows a shift towards data theft, which can be exploited in various ways, including selling the data on the dark web, identity theft, or even potential industrial espionage. Unfortunately, in many of these cases, the breach was discovered late, making it challenging to investigate how the data was leaked.

Lastly, the report reveals that the most prolonged ransomware attacks began with the exploitation of public-facing applications. These attacks can last over a year, causing long-term disruption and damage to the affected organizations.

How important is to keep data backups isolated from malware.

Protection measures

For the protection of businesses from potential ransomware threats, Kaspersky experts recommend:

  • Regularly create system backups and, if possible, keep the stored data on devices that are not connected to the corporate IT network. This will keep the information safe if the entire network is breached. software updated, using strong passwords and multi-factor authentication, educating employees about cyber threats, and using detection and response tools to stop attacks early.
  • Run available updates on operating or business software to provide significant security updates, as well as features that may facilitate work.

  • Use strong passwords for access to corporate services and multi-factor identity checks for access to remote services.

  • Talk to your employees about the variety of cyber threats they may face, describing potential threats such as phishing emails, suspicious websites or software downloaded from unofficial sources.

  • Use services and solutions to detect and stop the attack in the early stages, before cybercriminals reach their final targets.

  • Optimize the use of cybersecurity tools by applying extensive detection and response solutions that collect telemetry from various data sources, including endpoint data, network and cloud, to offer a comprehensive security perspective, as well as timely detection and response to existing threats.

These are some standard but very crucial steps that businesses can take to protect themselves from ransomware and other cybersecurity threats. They include creating regular backups, keeping software updated, using strong passwords and multi-factor authentication, educating employees about cyber threats, and using detection and response tools to stop attacks early.