2023: Unlocking Ransomware’s Secrets – Executive’s 5 Key Takeaways

January 20, 2024

TLDR:

– Ransomware attacks remained a significant threat to organizations in 2023.
– Lessons learned from the year include the resurgence of ransomware, slow and steady corruption tactics by attackers, the rebranding of ransomware gangs, rising costs of cyber insurance, and the need for effective recovery strategies.

2023 saw a resurgence of ransomware attacks, contradicting the belief that the worst was behind us. After a temporary decline in the first quarter, attacks surged by 74 percent in the second quarter and led to high-profile incidents, such as the $100 million in ransomware damage caused by a 10-minute phone call to The MGM Grand and the attack on Clorox, which cost over $25 million.
Slow and steady corruption became the winning tactic for ransomware gangs: subtle changes in data encryption, spread over large amounts of data, avoided detection. This strategy often resulted in increased ransom demands. Additionally, ransomware gangs rebranded and offered ransomware as a service, giving their malware unique signatures while employing similar data-corrupting methods.
The cyber insurance industry, facing considerable strain from increasing ransom payouts, witnessed rising costs, making coverage unaffordable for some high-risk business sectors. Insurers also became more selective about the attacks they were willing to cover.
Downtime caused by ransomware attacks stretched to months and significantly disrupted businesses, with some hospitals even closing. Many organizations focused solely on preventing attacks, overlooking the importance of recovery and of validating network and backup data. A cyber recovery plan that integrates cyber security with data storage and leverages cyber analytics is crucial to early detection and effective recovery.
