Experts weigh in on where the ransomware threat is today—and the steps IT teams need to take to confront it

Security vulnerabilities abound, letting attackers into systems—and that’s the real disease of which ransomware is just a symptom.


Ransomware attacks were on the rise for many years, until they began to decline in 2022. But threat actors are improving their tactics, meaning targeted companies and organizations will have to turn to stronger security operations.

Vulnerabilities that lead to ransomware attacks are often a symptom of bigger security hygiene issues, Mike Wiacek, CEO of Stairwell, told IT Brew. Over time, those flaws can build up and open the door to vulnerabilities that can be exploited by threat actors of all kinds—raising concerns that adversaries have more lines of attack.

“Ransomware may be the one that causes you the pain that’s most visible, but the underlying disease that was untreated is fundamentally the real concern that we overlook,” Wiacek said.

We shall fight on the beaches. Undetected malicious software can be used as a “beachhead” for ransom attacks, but the fact that the threats can go so long undetected indicates greater problems at the core of IT security that need to be dealt with. Wiacek told IT Brew that what’s required is better practices.

“When you start thinking about this as a hygiene problem, the best way to stop ransomware is to make sure that you don’t have compromised devices on your networks in the first place that can then be used as beachhead to get ransomware to show up,” Wiacek said. “The ounce of prevention is worth a pound of cure.”

Part of the threat landscape, according to a new Rapid7 analysis, is widespread exploitation of vulnerabilities. Caitlin Condon, the Rapid7 report’s lead author, told IT Brew that the reduction may well be the result of a more sophisticated class of cybercriminal.

“We’ve seen that the cybercrime economy is mature, it’s specialized, it is geared towards speed,” Condon said.


Reductions and reasons. Ransomware attacks decreased by 39% from December 2022 to January 2023, NCC Group found—but the 165 January attacks were still the highest recorded number for that month yet, beating out the same period in 2022 and 2021 easily. Hackers targeted firms in North America and Europe the most, followed by Asia. Combined, the three regions made up 86% of attacks.

The NCC Group report’s lead author, Matt Hull, told IT Brew that reductions in ransomware attacks and payments are in part the result of external factors like the war in Ukraine. A large number of cybercriminals are based in Ukraine and in Russia, and the conflict between the two countries has thrown that into chaos.

“You’ve got lots of people that operate within that region—within Eastern Europe, Russia, and so on and so forth—who have been displaced and who have been drawn into the conflict,” Hull said.

Fixes. Ransomware attackers have had staying power in part, GitHub CSO Mike Hanley told IT Brew, because they target “well-known unpatched vulnerabilities that allow those adversaries to take hold without needing to worry about having to have access to an expensive zero-day attack.” That’s a problem with a pretty simple solution.

“The solution to that is relatively well understood, which is patching,” Hanley said. “I don’t mean to trivialize how hard that can be, especially in a big enterprise. But…I don’t feel like we’ve made sufficient progress as an industry on things like that.”

NCC’s Hull recommends a number of steps IT teams can take to address vulnerabilities. Switching passwords, practicing how to spot social engineering and phishing, and patching infrastructure are essential.—EH
