The result of WithSecure's analysis is that attackers are consolidating their efforts and leveraging the "Ransomware-as-a-Service" packages already available.
The current threat posed by ransomware continues to worry organizations. However, new research published by WithSecure (formerly known as F-Secure Business) highlights a potential opportunity to disrupt the cybercrime ecosystem that has exacerbated the problem in recent years. A new threat update report from WithSecure has found that ransomware was the most prevalent type of threat identified in 2021, demonstrating its predominance over other attacks suffered by organizations. However, the number of new ransomware families and unique variants discovered by researchers in 2021 has decreased significantly compared to previous years. There are several theories that could explain this decline. Christine Bejerasco, Chief Technology Officer at WithSecure™, believes this is likely due to threat actors consolidating their efforts, creating new opportunities to combat the problem. "While attackers are indeed consolidating their activities around core competencies, this makes leading ransomware-as-a-service providers crucial links in threat actor supply chains. If we can break these ties by neutralizing these important suppliers, we could very well disrupt the ecosystem and give some relief to the defenders, at least for a while," Bejerasco explains. Other significant ransomware developments highlighted by the threat update include: • Ransomware accounted for nearly 17% of identified threats detected in 2021, making it the most prevalent type of threat of the year. WannaCry was the most prevalent ransomware family in 2021, followed by three ransomware-as-a-service (RaaS) families: GandCrab, REvil, and Phobos. • In 2021 ransomware continued to target a variety of industries and used different methods to penetrate defenses, so no organization could be considered excluded from these attacks. While seeing room for optimism based on recent observations, Bejerasco warns that the breakthrough against ransomware gangs is complicated. Organizations, markets and countries need to adopt a co-security approach to the problem, which can prove challenging. "Unlike authorities, threat actors can operate across borders with impunity, which is an advantage. Advocates need to focus on results-based security practices, first understanding the organizational or business outcomes they want and designing cybersecurity measures to support those outcomes. From here, organizations can identify the risks to those outcomes, the digital assets exposed to those risks, and the potential cyber threats those assets face," he says. "Only at this point can they design a cybersecurity strategy that the entire organization can support because it protects and supports the goals they want to achieve."