Ransomware continues to be the number one threat to large and medium-sized businesses, a new report from cybersecurity experts Acronis says.
Based on data from the company’s Cyber Protection Operation Centers, the findings say over-complexity in IT and infrastructure has led to an increase in attacks, with government agencies, as well as private companies of all sizes, being targeted.
According to the report, over-complexity in IT and infrastructure has resulted in many organizations running unpatched software for extended periods of time. This, together with all sorts of malware, enables threat actors to infect company endpoints, steal sensitive data, encrypt it with ransomware, and then demand payment in exchange for the decryption key, and in exchange for not leaking the stolen data to the public.
Phishing for starters
Software flaws aside, threat actors are also deploying numerous phishing campaigns, which seem to be working. In fact, nearly one percent of all emails contain malicious links or files, and more than one-quarter (26.5%) of all emails were delivered to the user’s inbox. In other words, they weren’t blocked by email service providers.
Given the success rate of ransomware attacks, threat actors’ appetite seems to be growing. As per the report, the Conti gang recently demanded as much as $10 million in ransom from the Costa Rican government and later published almost 670 GB of stolen intel. A separate threat actor called Lapsus$ stole 1 TB of data and leaked the credentials of over 70,000 NVIDIA users. The group later stole 30 GB of T-Mobile’s source code.
The havoc ransomware operators are wreaking has caught the eye of the U.S. government, too. After last year’s attack on Colonial Pipeline, a major oil pipeline in the U.S., law enforcement managed, albeit briefly, to shut down REvil, a major ransomware operator at the time. Today, the government offers a $15 million bounty for any useful information about Conti’s leaders.
“Today’s cyberthreats are constantly evolving and evading traditional security measures,” said Candid Wüest, Acronis VP of Cyber Protection Research. “Organizations of all sizes need a holistic approach to cybersecurity that integrates everything from anti-malware to email-security and vulnerability-assessment capabilities. Cybercriminals are becoming too sophisticated and the results of attacks too dire to leave it to single-layered approaches and point solutions.”