According to the 2023 Verizon Security Report, ransomware was involved in 24% of all cyber breaches. Ransomware attacks no longer affect just one aspect of an organization. Legacy ransomware, which focused on encrypting files for ransom, caused minimal to substantial damage to organizations; modern-day ransomware impacts far more than those earlier attacks. In 2023, German companies faced cyberattacks such as ransomware, password attacks, and phishing. 31% of businesses were affected, with CEO fraud being the least common attack.
This article discusses the various trends surrounding ransomware attacks and what organizations can do to help prevent ransomware from spreading across their enterprise.
Organizations have several options to help stop ransomware, including deploying artificial intelligence-enabled email security tools and endpoint security software and partnering with firms like Forenova Security to leverage their managed detection and response (MDR) services.
Data breaches from ransomware continue to grow in 2024, partially because of the continuous success hackers have achieved. Supply chain attacks, double extortion, and attacks against unpatched systems continue to be hackers' most preferred approaches in 2023 and 2024.
2023 witnessed several national and international ransomware attacks causing financial and operational damage to their targets. These attacks spread across manufacturing, education, government, and airlines. Most of these attacks either followed the traditional method of encrypting files until the ransom was paid or the hackers released portions of the stolen content to entice their victims to pay up.
In August 2022, Semikron, a German semiconductor manufacturer, experienced a ransomware attack that partially encrypted its network, with the attackers claiming to have taken 2TB of documents.
Continental, a German automotive parts company, was attacked by LockBit ransomware in October. The attackers claimed to have stolen 40TB of files and demanded $50 million for the data.
In June 2023, TSMC, the Taiwan-based semiconductor manufacturer, suffered a crushing ransomware attack allegedly caused by the global hacker group LockBit. International law enforcement classifies this attack as a supply chain attack: the ransomware attack was carried out against Kinmax, one of TSMC's supply chain partners, and LockBit executed it successfully. Following this attack, LockBit demanded a ransom of $70 million. While TSMC itself was not breached because of the attack on Kinmax, it disconnected this supplier from its data-sharing portal. The hackers attempted to extort TSMC by threatening to expose its files.
TSMC held firm and did not pay any ransom. However, this attack had a financial and operational impact on their supply chain as they continued disconnecting other ecosystem partners from the data-sharing portal.
Ransomware attacks against local, state, and federal governments are widespread. In 2023, the City of Dallas, Texas, became the latest victim of ransomware by the known hacker group Royal.
On Wednesday, May 3, 2023, Royal started a ransomware attack on the City of Dallas by encrypting servers with Microsoft tools. The city quickly responded by taking high-priority services offline. City teams worked on removing Royal from the network before starting service restoration. Resources were restored as part of the restoration efforts, with some services, such as Public Safety Computer-Aided Dispatch, restored immediately.
More importantly, the City of Dallas did not pay a ransom to Royal. However, they paid close to 8.5 million dollars in damage and clean-up costs because of the attack.
In July 2023, the University of Hawaii disclosed that it had paid ransomware attackers. The incident occurred before July, when NoEscape, a previously unknown hacker group, targeted Hawaiian Community College with ransomware. Throughout this period, there was increased attention on cyber attacks, particularly the attacks on MOVEit.
Attackers stole 65GB of data from the university and threatened to publish it, putting the personal information of 28,000 people in jeopardy. The university paid the ransom to protect the data, paying close to $250,000 to the hacker group. Most of the funds came from the State of Hawaii State Insurance fund.
2023 recorded a significant comeback for ransomware attacks, including more ransom payments. This year, more AI-powered ransomware and email phishing attacks were recorded — a significant change from 2022.
More to the point, according to Statista, "from January to October 2023, the estimated cost of downtime in U.S. healthcare organizations caused by ransomware attacks was 14.7 billion U.S. dollars."
A possible reason for the surge in ransomware could be connected to past events centered on Russia invading Ukraine. Several hacker groups, including remnants of Anonymous, Ukraine Underground Army, cl0p, and the REvil group, took up virtual arms against Russia. In 2024, many groups either continued with their hacktivism or disbanded, because of a Russian intelligence crackdown or because global law enforcement hunted them down.
Sweden's joining NATO has caused an increase in ransomware attacks. A ransomware attack on Tietoevry, a Finnish IT services provider, has severely impacted Swedish entities like government agencies and schools.
The Akira ransomware hacking crew carried out another attack against a Finnish and Swedish entity, adding to their long list of cyberattacks.
The financial implications of ransomware center on the cost of credit scoring repair and monitoring services, increases in cyber insurance, or fines and penalties. Each security event is costly, regardless of the number of systems affected or victims.
In 2023, 72% of businesses worldwide were targeted by ransomware attacks, a significant increase from previous years. Since 2018, over half of organizations surveyed each year reported falling victim to ransomware.
However, according to a report filed by Axios.com, only 29% of ransomware victims paid the ransom to recover their data.
As witnessed during the 2023 City of Dallas ransomware attack, the city paid out millions in damages and clean-up costs, yet no ransom was paid. However, city operations were severely affected. According to the After Action Report filed by the City of Dallas, several critical departments faced operational challenges during the security breach.
Financial reward isn't always the intent of a ransomware attack. Ransomware groups focusing on Hacktivism look for ways to deface websites, execute Distributed Denial-of-Service (DDoS) attacks against foreign government systems, or find acceptable ways to expose personal information about a CEO or head of state.
Ransomware and extortion increased by over 66% from 2022 to 2023. Globally, Ransomware-as-a-Service (RaaS) continues to become more accessible on the dark web. Hackers no longer require extensive programming knowledge to launch a ransomware attack.
However, the good news is that organizations continue to make strategic investments in cyberattack prevention architectures powered by AI, including extended detection and response (XDR), Zero Trust for remote access and network segmentation, endpoint security, decryption tools, and backup and recovery systems, to help expedite restoring access to data as it existed before the ransomware event.
MDR is required for several company regulations, including HIPAA, PCI-DSS, NIS2, DORA, GDPR, and CCPA, just to name a few. These regulations require the organization to prove that it has the capacity and capability to respond to next-generation AI-powered cyberattacks and their increase in velocity.
Forenova Security is a leading provider of cybersecurity services and MDR offerings. For organizations seeking a partner to augment their current security operations (SecOps) team or to provide complete 24x7 monitoring and response, threat intelligence, and other cyber defense tools, Forenova Security has access to experienced engineers to meet your business and compliance goals.