Ransomware Remains One of the Biggest Cybersecurity Challenges for 2023

In 2023, there were 1,900 known ransomware cases in just four countries. On average, a new file-locking attack strikes a victim every 11 seconds. As many as 72.7% of businesses claim ransomware has affected them.

The simple truth is that no business is safe from it. Banks, police, schools, casinos, hospitals, and governments have all been victims this year.

Victims suffer both financial and psychological consequences days or even years after threat actors receive the ransom. And 80% of businesses that pay the ransom are victimized again.

Whenever major cyber threats are discussed, ransomware is consistently at the top of the list, and this has been the case for the past few years.

But why is ransomware still one of the biggest cybersecurity challenges for 2023?

An Evolving Threat
Cybersecurity companies keep developing better protective solutions that can detect and block the signs of ransomware before hackers get a chance to encrypt sensitive documents and display a ransom note on the victim’s screen.

Ransomware started as a file-locking threat. The attacker would infect the device and ask for a ransom in exchange for the decryption key.

Later, hackers would get into the network and make their own copies of documents before encrypting them and asking for ransom.

Depending on the attacker, they might even put additional pressure on the victim with other attacks — such as Distributed Denial of Service (DDoS).

Lately, bad actors have been skipping the locking of the files when deploying ransomware — meaning the tools that are trained to look for signs of encryption cannot register their activity.

They gain access to the documents, steal them, and threaten that they will leak them if the ransom isn’t paid.
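The detection gap described above, as an added example that is not part of the original article: an encryption heuristic (many files overwritten with near-random content) and a data-theft heuristic (many files read plus a large transfer to one external address) run over the same telemetry. The host names, event fields, thresholds, and the 10.0.0.0/8 internal range are assumptions, and all events are constructed.

```python
import hashlib
import ipaddress
import math
from collections import Counter, defaultdict

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal address range

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (8.0 means indistinguishable from random)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def fake_ciphertext(seed: str, n: int = 4096) -> bytes:
    """Deterministic stand-in for encrypted file content (hash output looks random)."""
    return b"".join(hashlib.sha256(f"{seed}:{i}".encode()).digest() for i in range(n // 32))

def encryption_hosts(events, min_files=20, min_entropy=7.5):
    """Hosts that overwrote many files with near-random content."""
    hits = Counter(e["host"] for e in events
                   if e["op"] == "write" and entropy(e["data"]) >= min_entropy)
    return {h for h, c in hits.items() if c >= min_files}

def exfil_hosts(events, min_files=20, min_bytes=50_000_000):
    """Hosts that read many distinct files and sent a large volume to one external address."""
    reads, sent = defaultdict(set), Counter()
    for e in events:
        if e["op"] == "read":
            reads[e["host"]].add(e["path"])
        elif e["op"] == "send" and ipaddress.ip_address(e["dest"]) not in INTERNAL:
            sent[(e["host"], e["dest"])] += e["bytes"]
    return {h for (h, _), b in sent.items()
            if b >= min_bytes and len(reads[h]) >= min_files}

# Constructed telemetry: ws-01 encrypts files in place, ws-02 only copies data out.
EVENTS = []
for i in range(30):
    EVENTS.append({"host": "ws-01", "op": "write", "path": f"/share/doc{i}.docx",
                   "data": fake_ciphertext(f"ws-01-{i}")})
    EVENTS.append({"host": "ws-02", "op": "read", "path": f"/share/doc{i}.docx"})
    EVENTS.append({"host": "ws-02", "op": "send", "dest": "203.0.113.7",
                   "bytes": 4_000_000})
# Ordinary activity on ws-03: a plain-text save and a large internal transfer.
EVENTS.append({"host": "ws-03", "op": "write", "path": "/home/a/notes.txt",
               "data": b"meeting notes " * 300})
EVENTS.append({"host": "ws-03", "op": "send", "dest": "10.0.0.5", "bytes": 90_000_000})

if __name__ == "__main__":
    print("encryption signal:", encryption_hosts(EVENTS))
    print("exfiltration signal:", exfil_hosts(EVENTS))
```

The encryption heuristic flags only ws-01, so the host that steals without locking files is caught only by the read-and-egress check.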

Ransomware Gangs
Another problem is that ransomware is developed by organized crime groups known as ransomware gangs. They create their own strains of malware that feature recognizable signatures.

In 2023, some of the most prolific ransomware gangs so far were LockBit, BlackCat, and Clop.

In most cases, they target major enterprises or governments because they know they can ask them for more significant sums of money.

For example, the ransomware group known as Clop was behind the MOVEit attack detected in June — one of the largest cyberattacks of 2023.

They exploited zero-day flaws in this file transfer software to steal sensitive information. In the process, they compromised the data of over 600 companies that used MOVEit services.

Weeding Out Ransomware Requires Mitigating Phishing
On one hand, ransomware strains have gotten better at bypassing increasingly sophisticated cybersecurity solutions. On the other hand, ransomware is possible because of tactics that require knowledge of human psychology rather than technical knowledge.

Ransomware is closely interlinked with phishing schemes over the phone or email.

Recently, two casinos, Caesars and MGM, have been attacked by the same ransomware group — BlackCat.

To gain illicit access to their IT systems, hackers used social engineering tactics. For example, to get into MGM’s system, the gang found their tech employee via LinkedIn and used this information when contacting their support desk.

After the call, it took them just 10 minutes to enter the system and deploy malware.

Companies invest a lot of money in cybersecurity solutions. Still, hackers gain entry the easiest way: by exploiting the trust and biases of the people who work in the targeted companies.

Low Barriers Make for Easy Entry
Today, ransomware is accessible to both sophisticated hackers and anyone willing to log into the dark web and pay for the service via hacking forums.

While major ransomware cases are linked to ransomware groups such as Clop and BlackCat, anyone with an internet connection can exploit this threat.

Those who want to deploy the malware themselves can buy the strain of ransomware and try to target a business with it.

Another option is to use Ransomware-as-a-Service — paying and letting the more sophisticated hackers do it for you.

Since it’s not difficult to find the guidelines for conducting this disruptive cyber attack and it’s often available as a service, the attacker doesn’t need advanced computer or hacking knowledge to obtain and use ransomware.

Companies Still Pay the Ransom
Some threat actors might do it to disrupt services or governments, but for the majority, the goal of ransomware attacks is to demand ransom for financial gain.

Affected businesses are always advised not to pay the ransom because it encourages (and directly finances) further ransomware activity.

Regardless, many businesses still pay when they can’t afford to rebuild their entire infrastructure or when they realize that is the only way to regain access to their important files.

Since this is a common threat, businesses are better prepared for it. They have anti-ransomware software to detect attempts at file-locking, and they do backups of the most critical files.

As a result of better preparedness and new regulations, the number of businesses that paid the ransom has decreased this year.

However, the amount criminals ask for has doubled compared to the previous year and is now $1.5 million. The earnings are higher than ever before.

Whether or not businesses decide to pay sends a clear message to cybercriminals about whether ransomware crimes pay.

A Cybersecurity Challenge for 2023 That Persists

Organizations are better equipped to fight ransomware threats today than ever before. But they’re also up against a threat that is frequent and evolving. As soon as a new security solution comes out, cybercriminals come up with a different strain.

Therefore, getting rid of this threat once and for all is challenging, and ransomware remains one of the top cybersecurity challenges for 2023.

The most organizations can do is create as many barriers as they can: have an anti-ransomware solution, invest in phishing training, regularly back up their data, apply patches, and accept software updates.