Cyber Defense is Improving, So Is Ransomware Declining or Rising?

UPDATED August 17, 2023

In the years I've been a part of the tech sphere, it always seemed like people were preaching the same thing: hackers are getting smarter and ransoms are getting higher. And while that, for the most part, is true, we've seen an interesting trend in the cybercrime space over the past few years. Some years ransomware is declining and sometimes its not. So what's the real story here? Regardless, that doesn't mean ransomware's not a go-to tactic of our cybercriminal buddies on the dark web. Seemingly like many things in IT, it's a complicated assertion - so if it's not ransomware (or maybe it is), then what is it? 

Ransomware is defined as a type of malware that either: encrypts your data and files, locks your computer, preventing your from using it, or is a hybrid of the two. At that point your must pay a "ransom" through online payment methods (usually cryptocurrency) to the attacker in order to regain access to your data or computer. 

Ransomware is typically distributed one of three ways:

• Downloaded accidentally by users who visit malicious or compromised websites
• Dropped or downloaded by other malware
• Delivered as an email link or attachment (phishing. But don't forget the SMS variant: smishing!) 
  
  

Should You worry About Ransomware Protection? 

The short answer: Yes. The long answer: Yes, you should still worry about ransomware protection even though ransomware may or may not be on a global decline. Let me show you what I mean. 

Ransomware Was Holding Steady in 2022

While there may have been some slight decreases in ransomware, overall, the statistics show that, in 2022, ransomware attacks remained around the same frequency. In fact, the 2023 Data Breach Investigations Report from Verizon shows a steady number of ransomware occurrences globally. 

To get a little more into the weeds, according to the IBM X-Force Threat Intelligence Index 2023, “Ransomware’s share of incidents declined from 21% in 2021 to 17% in 2022.” It's a small dip, but worth the distinction. This is an interesting statistic, one many are saying is a cause for future optimism, but be warned: don't get comfortable with your IT security and protection. 

Brett Callow, ransomware expert and threat analyst for Emsisoft, says “that dip will only be temporary as the individuals involved with the operations start new ones or partner with other operations. However, the disruptions do have significant value in terms of swinging the needle of the risk-reward ratio more towards ‘risk’ and ‘intel gathering.’”

However, Alex Dow, Chief Innovation Officer for Mirai Security, attributes the slight decrease in ransomware statistics to several factors — including the war in Ukraine and improved cybersecurity solutions. Dow, who has over 20 years of Security Operations Architecture and Incident Response experience, notes that many ransomware gangs are located in Russia and Ukraine. Dow also notes that a business's endpoint detection and response solutions are getting better at catching and stopping ransomware behaviors. “This greatly reduces the efficacy of ransomware attacks and the catastrophic outcomes,” he said. “The more companies that invest in defensive capabilities, the less effective ransomware attacks will become" (Section sourced from Security Intelligence). 

So while ransomware may have had some dips throughout the last year, it's still rearing its ugly head. 

Ransomware Is Rising in 2023

Here's where we pivot. Wire.com says, "Data from cryptocurrency tracing firm Chainalysis indicates that victims have paid ransomware groups $449.1 million in the first six months of this year. For all of 2022, that number didn’t even reach $500 million. If this year’s pace of payments continues, according to the company’s data, the total figure for 2023 could hit $898.6 million. This would make 2023 the second biggest year for ransomware revenue after 2021, in which Chainalysis calculates that attackers extorted $939.9 million from victims." I hope you read that right. In the first six months of this year we have eclipsed 2022's total ransomware payout. 

To add insult to injury, just this month  the FBI confirmed they are investigating an “ongoing cyber ransomware” attack impacting Eastern Connecticut Health Network (ECHN) and Waterbury HEALTH. Just a side note: while industry is immune, healthcare is statistically one of the hardest hit industries by ransomware as they deal with sensitive, nonpublic personal information (NPI) on a daily basis. If you're reading this from a healthcare facility, take a break and talk to your IT team about how you're protecting yourself from cybercriminals. 

The worst part of this trend? The main culprit contributing to this rise is phishing. Email phishing. Even after all these years of warning employees of email credibility and spotting phishing attempts, we're still falling prey to it. "A recent report found that 75% of 1400 [organizations] surveyed suffered a ransomware attack" as a result of phishing. That is over 3/4 of the world's businesses. Regardless of what's going on in Ukraine (which is a clear indicator as to why 2022's ransomware statistics dropped), it's not the ransomware we need to worry about but the people in our businesses. We must stay vigilant and educated! I digress. 

Here's my point: Cybercriminals are constantly evolving and whether ransomware statistics are declining or rising, ransomware still exists, therefore making it a threat to your business. Be prepared or be a victim. 

Cybercriminals are constantly evolving and whether ransomware statistics are declining or rising, ransomware still exists, therefore making it a threat to your business. Be prepared or be a victim. 

How to Prevent Ransomware Attacks

Although there is no silver bullet to completely eliminate the risk of getting ransomware, there are five (#1 is your closest to a silver bullet) different methods of minimizing your chances: 

1. Employee Awareness and Training 
   I put this one in here out of spite. It's important to recognize that you're not hiring a Stephen Hawking every time you add a new person to your team. Not only are they not the discoverers of black hole emissions, but they are human. And if I'm honest, human error is the #1 reason why ransomware even occurs in a company. If your employees are not adequately trained, they will make a mistake. And that mistake could cost you millions of dollars. To reiterate: Employee Awareness Training is the closest thing to a ransomware silver bullet you'll ever need. 
   
   
2. Incident Response Plan (IRP)
   Being able to predict the future is probably not your super power. But you can get pretty dang close with an IRP. This will keep you ahead of the game and ready for whatever comes your way, disaster or not! If you have this in place, I still recommend rechecking your work and making sure there are no holes in your gameplan. We have 5 common mistakes here so you can make sure you're up to snuff. 
   
   Additionally, if you're not sure where to begin, our expert team can get you set up with the #1 way to stop ransomware from happening to your business. 
   
   
3. Web Content Filtering Software and Threat Protections Software 
   Filtering where your organization's infrastructure can navigate is important in preventing you from visiting websites that are prone to malware. It will block websites that likely contain spyware, viruses and other objectionable content and will decrease your chance of infection. This is why Centre Technologies has included web content filtering as part of Managed IT Services.
   
   Additionally, using a robust malware and virus protection software will help protect your network, computers and devices against known threats. It can be installed directly on your computer, but tends to use up system resources when running scans causing performance issues. A cloud-based anti-malware/anti-virus is another option, which does most of its processing elsewhere on the internet instead of on your local machine.
   
   
4. Email Spam Filters 
   Make sure your email service uses a good email spam filter to cut down on the amount of spam that is potentially harboring malware. A spam filter will scan incoming emails and block most of the messages containing questionable content from landing in your inbox. Or the spam filter will send the messages to a quarantine or Junk/Spam folder for you to view and decide if it’s spam. Most spam filters will allow you to adjust the settings from light to strict filtering and offer user-determined white/black lists based on email addresses, domains, IP addresses or countries of origin to cut down on the amount of unsolicited email you receive. This is why Centre Technologies manages many customer's Microsoft email services, like Microsoft 365.
   
   
5. Create and/or Update a Disaster Recovery Plan (DRP)
   This is one of your last ditch efforts if you've done everything else. Just a fail safe. Having a business continuity and disaster recovery plan in place to protect your data is a must for all companies and a standard Best Practice. Although it will not minimize your risk of getting infected, having recent backups of your data to restore from will help you recover from a ransomware attack quickly and will most likely allow you to avoid paying the ransom.

Ransomware Recovery Resources 

Here are a few additional things SMBs should think about in order to even get started in security:

1. Understand the value of the company's data. Think about what's important. A retailer wants to protect credit card data, while a doctor's office has vital patient and financial information to protect. 
2. Examine how the data is protected. Once you've determined what's important, think about how to protect the data. Who needs to have access to it? If there was a breach, what would you do? 
3. Patch your systems and conduct regular updates. Most attacks exploit known vulnerabilities. Develop processes for consistent software updates to prevent this! 
4. Collaborate with service providers. Too many companies, big or small, scrimp on IT services, but a provider with a team that knows how to secure SMB networks can save you business. 

Unfortunately, even if you follow all the above IT security rules, you can still get infected by ransomware. If you get infected, immediately report to your IT department or service provider. They can help your decide on the best course of action but the sad fact remains, you may lose your files permanently. 

Finally, it's also a good report any cybercrimes to your local FBI field office or the Internet Crime Compliant Center (IC3) so they are aware of cybercriminal activity and can investigate. They may not be able to provide you with results as a victim, but the information will help with their ongoing efforts against cybercrimes. It will also give them useful data so they can monitor patterns, frequencies and origins of cyber threats.

And if you're on the lookout for a local IT cybersecurity company to protect you from ransomware threats? Contact Centre Technologies today!