Truvantis Blog

The New Trends in Ransomware that Impacted U.S. Businesses in 2022

Written by Truvantis | Nov 22, 2022 7:44:55 PM

Without a doubt, the increased frequency and intensified scale of ransomware attacks are becoming a significant issue for tens of thousands of companies worldwide. For example, between January 2020 and July 2022, companies in the United States were the target of over half of all publicly confirmed ransomware attacks worldwide, according to data gathered by NordLocker. 

Exploring the widespread impacts of ransomware attacks, the FBI's Internet Crime Complaint Center published its 2021 Internet Crime Report, which revealed that ransomware assaults climbed by 82% between 2019 and 2021. In addition, the overall cost of assaults grew by 449% within the same period. In 2021, ransomware was responsible for $49 million in damages, according to the FBI. However, these losses are probably an underestimate, since they do not account for expenses that were not disclosed to the FBI. Nor does this figure cover the cost of lost data, time, money, equipment, or third-party clean-up.

Exploring the New Techniques Utilized in Ransomware Attacks in 2022

Multiple threat actors exploit cybersecurity flaws to encrypt the data of all types of organizations, ranging from commercial companies to government agencies. A report from PhishLabs by Fortra found that ransomware assaults are expanding by more than 100% annually. The research explains that ransomware operators are vandalizing critical systems and uploading stolen data in record numbers. Firms that fall victim to an assault often feel helpless to find a solution due to the threat's constant growth. In addition, the cost of ransomware assaults is rising, with the average ransom demand reaching $220,298 in 2021 and related recovery expenses totaling $1.8 million.

Cloudwards estimates that 37% of all enterprises and organizations were affected by ransomware in 2021, with 32% paying the ransom but recovering just 65% of their data. Furthermore, because of the substantial profits that can be made via ransomware attacks and the intense rivalry between ransomware gangs, ransomware and its agents are continuously adapting their strategies and developing new ones.  

Some ransomware gangs now steal confidential information from the targeted business before encrypting its data. Then, if the demanded ransom is not paid, the group threatens to publish the stolen data. Sometimes ransomware operators take threats even further with a third stage of extortion, which may involve placing threatening phone calls to workers or launching denial-of-service (DoS) attacks on the business's websites.

The Emergence of Human-Driven Ransomware Attacks 

As time has progressed, ransomware has gone from being a simple, pre-programmed threat to a sophisticated, human-driven, adaptable, and globally focused one. Modern ransomware attacks sometimes incorporate extensive data theft in addition to encryption to increase the potential damage to the victim and, by extension, the attacker's chances of collecting a larger payment. With double extortion, attackers threaten to reveal sensitive data they have stolen if the victims do not pay the ransom. As a result, victims of successful ransomware operations may suffer irreparable harm.

Human-operated ransomware assaults are one of the most hazardous types of cyberattacks now trending because they use a variety of techniques to succeed, one of which is the use of command and control (C2) infrastructure. These attacks often begin with the recipient opening a spear-phishing email containing a malicious attachment. This attachment typically contacts a C2 server to get further instructions and execute any necessary payloads. These payloads then remain on the device and communicate with a set of C2 servers periodically, waiting for instructions and control from a human operator as part of ransomware-as-a-service. After the first hands-on-keyboard phase, post-exploitation frameworks are often controlled from a remote C2 to carry out activities, including reconnaissance, privilege escalation, lateral movement throughout the network, data exfiltration, and bulk file encryption.
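The periodic check-ins described above are something defenders can hunt for in proxy or firewall logs. The following sketch is an added example, not part of the original article: it flags source/destination pairs whose connection intervals are unusually regular. The log format, host names, and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

# Constructed sample log, one "ISO-timestamp source-host destination" per line.
BASE = datetime(2022, 11, 1, 9, 0, 0)

def _lines(src, dst, offsets):
    return [f"{(BASE + timedelta(seconds=o)).isoformat()} {src} {dst}" for o in offsets]

SAMPLE_LOG = "\n".join(
    # Regular check-in roughly every 300 s with a few seconds of drift.
    _lines("ws-014", "cdn-sync.example.net", [0, 301, 598, 902, 1199, 1500, 1800])
    # Irregular, human-driven browsing from the same workstation.
    + _lines("ws-014", "intranet.example.org", [0, 12, 340, 350, 2000, 2100, 5000])
    # Too few events to judge.
    + _lines("ws-022", "cdn-sync.example.net", [0, 900])
    + ["malformed line here with extra fields"]
)

def find_beacons(log_text, min_events=6, max_jitter=0.1, min_interval=30):
    """Return {(src, dst): mean interval in seconds} for regular check-ins.

    Jitter is stddev(gaps) / mean(gaps); a low value means near-constant spacing.
    """
    seen = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        try:
            when = datetime.fromisoformat(parts[0])
        except ValueError:
            continue  # skip unparseable timestamps
        seen[(parts[1], parts[2])].append(when)
    hits = {}
    for pair, times in seen.items():
        if len(times) < min_events:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg < min_interval:
            continue  # bursts such as page loads, not slow check-ins
        if pstdev(gaps) / avg <= max_jitter:
            hits[pair] = round(avg)
    return hits
```

Legitimate software such as update clients also polls at fixed intervals, and operators can randomize check-in timing, so hits from a check like this are leads to triage rather than verdicts.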

Uncovering the Impact of Ransomware Attacks on Businesses 

Let us look at the potential harm a ransomware assault might bring to a small or medium-sized firm.  

  1. Business Losses - If the ransomware attackers encrypt your business-critical files, your company may have to close for days or weeks while you attempt to restore the data. According to Statista, the average downtime caused by ransomware attacks climbed from 15 days in Q1 2020 to 22 days in Q3 2021. In this instance, downtime is when a company has less than 100 percent productivity or significant business disruption.
  2. Ransom Payment - If your enterprise is under attack, you might lose hundreds of thousands of dollars in ransom without any assurance that your data will be recovered. The cost of a ransomware assault might vary based on the sort of attack, the quantity of encrypted data, and the type of company you operate. According to a survey released by GRC World Forums, the average ransomware payout increased to $570,000 in 2021, up from $312,000 in 2020. 
  3. Damage to Reputation - Your company's reputation might be severely harmed if knowledge of the assault spreads, which it likely will. The data and sensitive information of your current customers might be compromised due to the assault, making it harder to retain existing clients and customers and preventing others from doing business with or cooperating with your organization in the future. Forbes Insights discovered that 46% of organizations experienced reputational and brand value loss due to cybersecurity breaches. Due to third-party security breaches or I.T. system failures, 19% of firms incurred reputational and brand harm. 
  4. Regulatory Penalties - If the attack compromises sensitive consumer data, you might be susceptible to regulatory fines, which would be an extra financial burden to an already regrettable scenario.

Deploy Network Penetration Testing & Formulate a Disaster Recovery Plan 

Every company should include penetration testing in its cybersecurity strategy. Working closely with a penetration testing partner will aid in streamlining the operation, swiftly identifying vulnerabilities, and providing direction for implementing risk mitigation solutions against ransomware assaults.  

Attackers often use weaknesses to spread ransomware. To fight ransomware, it is necessary to identify these weaknesses. The penetration testing process involves the following:  

  1. Strategy: The penetration tester creates a strategy outlining the scope of the test and the known attack vectors to exploit.  
  2. Reconnaissance: The penetration tester uses various technologies to identify access pathways, valuable resources, and live vulnerabilities.  
  3. Exploitation: The penetration tester attempts their attack, often using various social engineering techniques, well-known attack routes, and developing attack vectors.  
  4. Study & Analyze: The penetration tester creates a report outlining their assault, what they did, the potential harm to the organization, vulnerabilities uncovered, and recommendations for eliminating them and upgrading security processes.
  5. Remediation: The business must identify the most significant results from a penetration test and devise a strategy to mitigate or rectify the vulnerabilities.  

While ransomware prevention focuses on stopping attacks, the objective of a disaster recovery (D.R.) solution is to guarantee that data and/or infrastructure are accessible so that operations can be restored as soon as possible, with the least amount of information loss and the lowest amount of downtime.

Partner with Truvantis to Strengthen Your Cyber Strategy 

To help enterprises get ahead of cyber hazards, the Truvantis penetration testing team employs a hands-on strategy with specialized technologies. Through working with us, your company will be able to not only fix the problems we find but also locate noncompliance issues and resolve them, create better rules and regulations and establish a practical security system.  

About Truvantis 

Truvantis® is a cybersecurity consulting organization providing best-in-class cybersecurity services to secure your organization's infrastructure, data, operations and products. We specialize in helping our customers improve their cybersecurity posture by implementing, testing, auditing and operating information security programs.