While ransomware numbers may fluctuate by season and region, it cannot be overstated that ransomware is becoming more sophisticated and targeted. Ransomware attackers target all types of organisations, from healthcare and educational institutions to service providers and industrial enterprises.
At the beginning of 2023, LockBit, one of the world’s most prolific ransomware groups, remained in first place among the top five most influential and prolific ransomware groups. REvil and Conti were replaced by Vice Society and BlackCat. The remaining ransomware groups that formed the top five at the beginning of 2023 were Clop and Royal.
“Ransomware groups around the world continue to improve their techniques. They are driven by three main factors. First, it is the chances of getting caught when attacking a certain organisation. The second factor is the size of ransom they can potentially receive. Finally, they always estimate the technical difficulty of the attack. If any one of these parameters goes out of line with the plans of the attackers, they reconsider,” comments Dmitry Galov, Head of Kaspersky Global Research and Analysis Team (GReAT), Russia. “Installing effective security solutions will likely draw ransomware groups away from an organisation. It is a necessary investment, as ransomware attacks can result in disastrous consequences such as permanent loss of information, disruption of business processes, loss of time, harm to reputation, and huge financial losses.”
Kaspersky Endpoint Security for Business, Kaspersky Small Office Security and Kaspersky Internet Security have demonstrated 100% effectiveness against ransomware attacks in Advanced Threat Protection Test assessments by AV-TEST. In 10 different full-chain attacks, the products did not lose a single user file.
To combat ransomware and assist those affected, the National High Tech Crime Unit of the Dutch National Police, Europol's European Cybercrime Centre, Kaspersky, and other partners jointly launched the No More Ransom initiative in 2016. On the official website, participants provide decryption tools, guidelines, and instructions for reporting cybercrime, irrespective of the location of the incident. These resources have helped victims of 173 ransomware families retrieve their data without making any payments. Additionally, the initiative aims to raise awareness about ransomware and preventive measures to avoid infections. As a founding member of No More Ransom, Kaspersky has been a key contributor since the initiative's inception.
To protect yourself and your business from ransomware attacks, consider following the rules proposed by Kaspersky:
- Do not expose remote desktop/management services (such as RDP, MSSQL, etc.) to public networks unless absolutely necessary, and always use strong passwords, two-factor authentication and firewall rules for them.
- Promptly install available patches for commercial VPN solutions providing access for remote employees and acting as gateways in your network.
- Always keep software updated on all the devices you use to prevent ransomware from exploiting vulnerabilities.
- Focus your defense strategy on detecting lateral movement and data exfiltration to the Internet. Pay special attention to outgoing traffic to detect cybercriminals' connections.
- Back up data regularly, with special attention to offline backup strategies. Make sure you can quickly access the backups in an emergency.
- Avoid downloading and installing pirated software or software from unknown sources.
- Assess and audit your supply chain and managed services’ access to your environment.
- Prepare an action plan for the reputational risk of data exposure in the unfortunate event of data theft.
- Use solutions like Kaspersky Endpoint Detection and Response Expert and the Kaspersky Managed Detection and Response service, which help to identify and stop an attack at early stages, before attackers reach their final goals.
- To protect the corporate environment, educate your employees. Dedicated training courses can help, such as the ones provided in the Kaspersky Automated Security Awareness Platform.
- Use a reliable endpoint security solution, such as Kaspersky Endpoint Security for Business, which is powered by exploit prevention, behaviour detection and a remediation engine that is able to roll back malicious actions. KESB also has self-defense mechanisms which can prevent its removal by cybercriminals.
- Use the latest Threat Intelligence information to stay aware of the actual TTPs used by threat actors. The Kaspersky Threat Intelligence Portal is a single point of access for Kaspersky’s TI, providing cyberattack data and insights gathered by our team for over 25 years.
In Q2 2023 ransomware attacks in South Africa increased by 10% compared to Q1
Kaspersky
Ransomware remains one of the main threats to information security globally and in the META region. In 2022, the average cost of a ransomware attack was US$4.54 million (according to IBM’s data breach report), and Kaspersky solutions detected over 74.2M attempted ransomware attacks (a 20% increase on 2021). While the beginning of 2023 saw a decline in the number of ransomware attacks, in Q2 some regions saw an upward trend, even when compared to the same period in 2022. According to Kaspersky Security Network data, in Q2 2023 South Africa saw a 10% increase in ransomware attack attempts on individual and corporate users compared to Q1 2023. All these attempts were blocked by Kaspersky solutions.