Ransomware: to stem the growth we need to act on prevention

Unresolved software vulnerabilities fuel ransomware attacks. Full-blown cases grow by 13% in a year, according to Verizon.

Posted on 25 May 2022 by Valentina Bernocco

Ransomware attacks continue to grow around the world, despite some temporary declines due mostly to the dismantling of criminal gangs that are, however, ready to re-form without much difficulty. Within a year, ransomware incidents grew by 13%, according to data from Verizon's new report, based on the analysis of nearly 24,000 real security incidents (23,896 to be exact, including 5,212 confirmed breaches; cases were reported by law enforcement, law firms and forensics firms, CERT and ISAC centers and government agencies).

Something similar emerged from Ivanti's latest report (based on data owned by Ivanti and CSW, public databases, reports from security researchers, and teams specializing in attack testing), which reported a 7.6% increase in vulnerabilities associated with ransomware attacks in the first quarter of 2022 versus the first quarter of 2021. In addition, the activities of APT (Advanced Persistent Threat) groups linked to ransomware have increased by 7.5%, a sign that this type of attack increasingly goes after specific targets, which are studied and hit surgically. The types of ransomware in circulation are also becoming more diverse, even if in this case the year-on-year increase is only 2.5%.

And there is another variable on the rise, unfortunately: the amount of ransom demands. Within a year (between the first quarter of 2021 and the first quarter of 2022) the cybersecurity company Group-IB recorded a 45% increase in the average amount demanded from European companies affected by ransomware. The calculation is based on the analysis of 986 European companies that were victims of ransomware attacks and whose data was exfiltrated and uploaded to data leak sites. These real cases also show that Italy ranks third in Europe and fifth in the world among the most affected countries.

The problem of vulnerability

The news of the numerical growth of ransomware is no longer surprising, although perhaps the incredible rise of this threat, which we have witnessed in recent years, should have pushed companies and users to adopt better protection measures. The impression is that companies are focusing heavily on limiting the consequences of ransomware, for example with backup and data recovery technologies, as well as by taking out insurance coverage that also protects them from damage resulting from ransomware. The prevention of attacks, on the other hand, is somewhat neglected. To improve preventive defence capabilities, timely vulnerability detection would be crucial, followed by rapid corrective action.

Attackers need only a few days (eight days from the release of patches, on average, according to Ivanti) to hit targets by exploiting the flaws that have been discovered. Installing patches in a timely manner is crucial, also because the most popular antivirus products fail to detect some of the vulnerabilities related to ransomware: over 3.5% of them, to be specific. "The inability of antivirus solutions to detect ransomware-related vulnerabilities is a major problem," said Aaron Sandeen, CEO of Cyber Security Works, "and our experts constantly monitor these types of attacks in every search. The good news is that the number decreased in the first quarter, showing that security vendors are handling the problem better. We still detect 11 ransomware vulnerabilities that have not been resolved, five of which are classified as critical and associated with ransomware groups such as Ryuk, Petya and Locky."