The 2023 Ransomware Insights report published by Barracuda Networks highlights an interesting pattern: pay the ransom, get hit again. The study showed that while 31% of organizations hit just once with a ransomware attack had paid the ransom, 34% of those hit twice had paid the first time and 42% of those hit three or more times had paid the other times. Quite the trend.
Share of respondents that paid the ransom to restore their data, by number of attacks:
- 31% of those hit once
- 34% of those hit twice
- 42% of those hit three times or more
Multiple attacks reported by sector include:
- 53% of energy, oil/gas, and utility firms
- 46% of financial services
- 29% of healthcare
“The relatively high proportion of repeat victims suggests that security gaps are not fully addressed after the first incident,” said Fleming Shi, CTO, Barracuda.
And with 27% of organizations not feeling fully prepared for a ransomware attack, the report calls into question the effectiveness of cyber insurance.
Hit by a ransomware attack:
- With Insurance – 77% hit
- No Insurance – 65% hit
- 39% of the companies with cyber insurance paid the ransom
- 22% of organizations without cyber insurance paid the ransom
- 70% of organizations that were affected by multiple attacks had cyber insurance
Christopher Peacock, Principal Detection Engineer, SCYTHE, has this comment:
“The conclusion section of the report has two critical highlights I see for protecting against the deployment of ransomware. The first point is to patch public-facing vulnerabilities, which means organizations must first identify what services are public facing to the internet.
“The second point says, ‘The release of ransomware is often the final stage of attack and can be preceded, for example, by lateral movement, data exfiltration, the installation of additional tools, and more. If you can detect and block the attack at these earlier stages, you might be able to prevent the full impact of the ransomware.’ Though prevention is ideal, we see actors continue to get through the cracks, so organizations must have robust alerting capabilities for the precursors before the ransomware deployment. Furthermore, alerts aren’t helpful unless they trigger a response, so having a process to verify that process for common ransomware precursors is paramount.
“This approach was recently highlighted in the Red Canary Yearly Report in their statement, ‘We focus on trying to detect ransomware precursor activity in the initial access, reconnaissance, and lateral movement phases and help our customers stop it before it gets to exfiltration or encryption. The result is that we see many more so-called ransomware precursors than we do actual ransomware payloads.’”
Morten Gammelgaard, EMEA, co-founder, BullWall, follows up with this:
“The Barracuda Ransomware Insights report suggests that paying the ransom doesn’t prevent future attacks, and in fact industries like energy, financial services, and healthcare are still more prone to suffer from multiple attacks.
“Companies can learn from this report by prioritizing their cybersecurity measures, improving their security posture and having a proactive approach to security. Cyber insurance is not a guarantee, and in fact may be encouraging attacks. Companies should have an incident response plan in place and run regular attack simulations to be prepared. Finally, organizations should collaborate with industry peers and share best practices to stay ahead of cyber threats.”
The best defence against being pwned by ransomware is not to get pwned. But if you do get pwned, you need to make sure that you don't get pwned again. It really looks bad on any organization that is in that position, which means that you should not be that guy.
This entry was posted on April 5, 2023 at 8:17 am and is filed under Commentary with tags Security.
Repeat Ransomware Victims Are On The Rise Says Report