Infosecurity Europe
4-6 June 2024
ExCeL London

Top Five Ransomware Trends You Need to Know Today

The scourge of ransomware became headline news in 2021, with the volume of attacks and payment demands reaching eye-watering levels. High-profile victims included Colonial Pipeline, which took the largest US fuel pipeline offline for several days, and meat processing giant JBS. In both cases, it has been reported that a ransom payment was made to the attackers to restore systems.

What is Ransomware? 

Typically, this vector involves the attacker gaining access to the victim’s network, before activating a form of malware called ransomware that locks devices and causes data across the network to be encrypted.

The victim is then sent an on-screen ransom notification, demanding a payment in exchange for a decryption key that enables them to regain access to their systems and data. Often, the financial cost of recovering from a ransomware attack far exceeds the attackers’ demand.

In the past couple of years, ransomware actors appear to be acting with impunity, without regard for the enormous and potentially life-threatening damage caused by their attacks. For example, hospitals have been frequently targeted, a fact that has been linked to increased mortality.

This vector, sadly, is highly lucrative for the perpetrators, meaning it is set to remain a major threat for the foreseeable future.

Here are the five biggest ransomware trends Infosecurity is observing following a tumultuous few years:

1. Victims Reluctant to Pay Ransom Demands

Encouragingly, recent reports suggest that ransomware victims are increasingly less likely to pay extortion demands. For example, a report by Chainalysis in January 2023 found a massive 40% fall in ransomware payments in 2022 compared to 2021.

The biggest factor in this trend is growing pressure from governments, which are taking steps to make ransom payments legally riskier while stopping short of outlawing them altogether. This includes advisories being issued by the US government warning organizations about the consequences of paying cyber actors operating under economic sanctions.

2. The Rise of Ransomware-as-a-Service

Worryingly, the barriers to entry for launching ransomware attacks are falling substantially thanks to the evolution of the ransomware-as-a-service model. Here, the developers of ransomware strains are essentially acting as businesses, offering their tools and expertise for hire. This means even low-skilled cyber-criminals are able to distribute malware, widening the pool of potential threat actors.

This model both maximises profitability for organized cybercrime gangs and makes it harder for them to be tracked down by law enforcement, due to the layer of separation between the malware developers and distributors.

3. Ransomware Actors Are Adapting Tactics to Evade Detection

The societal consequences of ransomware attacks, particularly when impacting critical services, mean governments and law enforcement agencies are treating this issue increasingly seriously.

The past couple of years have seen members of numerous high-profile ransomware gangs arrested and ultimately handed heavy prison sentences.

Growing law enforcement action has led to ransomware actors adapting their tactics to evade detection. This includes a rise in the number of unique ransomware strains in operation, resulting in less concentration among the top few variants.

In the Chainalysis report, the researchers observed a regular “rebranding” of ransomware strains in 2022, as threat actors sought to further obfuscate their activity. In 2022, the average ransomware strain remained active for just 70 days, representing a huge reduction compared to 153 days in 2021 and 265 days in 2020.

4. Focused Targeting of High-Value Sectors

Ransomware operators appear to be taking a ‘less is more’ approach to their attacks, focusing on high-value targets to maximise disruption and extortion payments.

Governments and law enforcement agencies have recently issued warnings about the threat to high-value and critical sectors. Of particular concern are incidents affecting critical industries like healthcare and the public sector that can have huge consequences for the general population.

Another concerning trend is ransomware attacks that aim to take down central government services. In May 2022, Costa Rica was forced to declare a national emergency after ransomware attacks took down IT systems across several ministries.

5. More Stringent Insurance Coverage for Ransomware 

Cyber insurance has been a controversial topic, with many arguing that it exacerbates the ransomware epidemic. However, there are now signs that cyber insurers are limiting policy coverage for ransomware attacks, and are consequently less likely to cover ransom payments.

In addition, insurance firms are demanding improved cybersecurity measures in clients, including actions that allow them to recover quickly from a ransomware attack, such as comprehensive backup systems.

It is hoped that the changing approach of insurers will continue to reduce the incentive for organizations to pay over time.
