ansomware first rose to dominance as cybercriminals ’ main weapon of choice way back in 2020 . Since then , it has been top of the global security agenda , plaguing businesses , public services and individuals alike .
Organisations have had to quickly pivot their cybersecurity , data protection and disaster recovery strategies to adjust to this new pandemic .
But is it making a difference ? Ransomware and cyber-resilience remains the number one priority for most security teams three years on , and the endless headlines of high-profile ransomware victims keep on coming . Is the end in sight ? What ’ s changed since 2020 , and what still needs to happen to close the ransomware loop for good ?
Mixed signals ?
Answering that first big question is not simple . For example , data suggests that in 2022 the global number of ransomware attacks dropped significantly ( having doubled in 2021 ) and analysis from blockchain company Chainalysis reports that the total value of ransomware payments paid in 2022 also dropped significantly – both positive signs that globally ransomware is slowing down .
However , the Veeam Data Protection Trends Report 2023 and Ransomware Trends Report 2023 , both large-scale surveys of unbiased organisations across EMEA , the Americas and APJ , paint a different picture . The former found that 85 % of organisations suffered at least one cyberattack over the last year ( an 9 % increase from the previous year ) and the ransomware report , which exclusively surveyed businesses that had suffered an attack , found that a shocking 80 % of companies had paid a ransom to recover data .
Other industry surveys typically show similar findings , so why is there a disconnect between total global numbers and what the majority of individual companies are saying ?
While targeted surveys can give us a valuable temperature check of a certain region or industry , total global numbers are tricky . Naturally , sheer scale is a factor but when it comes to ransomware , there can be reluctance to admit to having suffered a data breach and some insurance policies outright prevent companies from doing so .
Tracking crypto payments is not an exact science either , as many addresses will not have been identified on the blockchain and thus will be absent from global data . In certain regions like EMEA , we are seeing more openness to share when it comes to ransomware , as leaders recognise that collaboration and information-sharing can help move the security industry forward and build jointly greater resiliency .
What ’ s changed ?
So , amongst all this grey , what has changed for definite ? Naturally , threats are constantly evolving and becoming more sophisticated . But this is a fundamental of cybersecurity – protection and resilience efforts that improve alongside this and the cat-and-mouse game goes on and on .
With ransomware specifically , we ’ ve seen attitudes to paying demands continue to swing back and forth . Two years ago , one of the largest ever ransomware payments was paid simply to ‘ prevent any potential risk ’. Since then , education on just how unreliable , unethical and untimely this is as a strategy was improved across the industry but two further flies in the ointment have arrived which have made kicking ransomware payments for good far more difficult .
One is cyber insurance . This is a field that has changed drastically since the rise of ransomware , and it remains highly volatile to this day . Cyber insurance is not a bad thing , of course , it gives businesses financial resilience against a near-certain threat . However , it has also given organisations a means of paying ransomware demands .
The Veeam Ransomware Trends Report 2023 found that 77 % of respondents who paid demands did so with insurance money . Premiums continuing to rise may eventually halt this , as will a growing number of policies specifically excluding ransomware from their cover .
Perhaps the bigger factor , and the reason why companies feel they have no choice but to pay ransoms in the first place , is attacks increasingly targeting backup repositories .
Recent reports revealed that cyber villains were able to affect the backup repositories in three out of four attacks .
Edwin Weijdema , Field CTO EMEA and Lead Cybersecurity Technologist at Veeam
Perhaps the bigger factor , and the reason why companies feel they have no choice but to pay ransoms in the first place , is attacks increasingly targeting backup repositories .
WWW . INTELLIGENTCISO . COM 49