The majority of ransomware attacks began with the exploitation of public-facing applications, data retrieval from compromised user accounts, and malicious emails, a new report by Kaspersky reveals.

According to the IT Security Economics report, over 40% of companies faced at least one ransomware attack in 2022, and small to medium-sized businesses spent on average $6,500, while large companies paid $98,000 to return to their activities. These figures reveal that ransomware attacks continue to be widespread and can strike any company at any time.

Statistical data from Kaspersky’s Incident Response Analyst Report “The Nature of Incidents in Cyberspace” show that nearly 43% of the ransomware attacks investigated by Kaspersky experts in 2022 began with the exploitation of public facing applications, followed by data from user accounts that had been compromised in the past and malicious emails with 24% and 12% respectively. The aim of the invaders was not extortion or data encryption, but the extraction of personal data, intellectual property, and other sensitive information. In most of these cases, the known credentials had already been compromised and there were no objects left for analysis by the time the crime was discovered due to the policies of switching log files, therefore it was not possible to investigate how these data leaked.

The report also revealed that the longest-lasting ransomware attacks began with the exploitation of public-facing applications (open to the public), with just over 2% of them lasting for a year and more.”

Expanding on the above information:

Ransomware is a type of malicious software (malware) that encrypts a victim’s files. The attacker then demands a ransom from the victim to restore access to the data upon payment. The methods of ransomware attack in 2022, as detailed in this report, include exploiting vulnerabilities in publicly accessible applications, taking data from previously compromised user accounts, and sending malicious emails.

The report states that over 40% of companies have encountered at least one ransomware attack in 2022, highlighting the prevalence of such threats. Costs associated with these attacks vary, with smaller businesses spending an average of $6,500 to recover, while larger corporations expend significantly more – $98,000 on average. This cost includes ransom payments, system restoration, downtime, and other associated costs such as crisis management and reputation damage control.

The attackers’ primary goal was not simply to encrypt data for ransom but also to extract valuable information like personal data and intellectual property. This shows a shift towards data theft, which can be exploited in various ways, including selling the data on the dark web, identity theft, or even potential industrial espionage. Unfortunately, in many of these cases, the breach was discovered late, making it challenging to investigate how the data was leaked.

Lastly, the report reveals that the most prolonged ransomware attacks began with the exploitation of public-facing applications. These attacks can last over a year, causing long-term disruption and damage to the affected organizations.