The IT Nerd

Ransomware isn’t just a “thing” as the kiddies would say. It’s an insanely prevalent and dangerous threat. If you’ve been reading my blog for a while, I’ve illustrated the costs and effects of ransomware. Thus anything that highlights the need to be better protected against ransomware is a win in my books. Which is why I applaud the fact that Anti-Ransomware Day exists as it really brings this threat to light and reminds all of us to do whatever we can to make sure that this day is no longer required.

I got the thoughts of Nic Finn, Senior Threat Intelligence Consultant, Guidepoint Research and Intelligence Team (GRIT) at GuidePoint Security on Anti-Ransomware Day.

“As we step into the fourth Anti-Ransomware Day, it’s clear that ransomware is still a dominant threat for organizations across the globe. Looking at GRIT’s ransomware dataset, we’ve observed a steady increase in victims published by ransomware groups. In 2021, from January 1st – May 12th, GRIT observed just over 700 reported victims. In 2022, that number increased to just over 1,000. So far, in 2023, we’ve observed more than 1,300 reported victims. This increase of roughly 300 reports per year also correlates to a shift in active groups, with Lockbit bounding to the most active group in 2022 and increasing their lead in 2023.”

“What’s more important than the number of reported victims and targeting by ransomware groups is how organizations are prepared to defend against and respond to ransomware. The availability of CISA’s Stop Ransomware resources is a massive value add for proactive organizations looking to protect against these threat groups. Additionally, defenders need to understand how they should respond when faced with a successful ransomware attack. Many organizations today still jump to check the ransomware group’s chat and can often have a negative impact on successful negotiation or delayment strategies. These teams should set up playbooks to ensure a coordinated and calculated response to ransomware attacks, which includes a thorough evaluation of the environment, solid backup practices, and knowledge of critical information and systems utilized across the environment.”

Just to highlight the sorts of things that Nic is seeing, I have the latest GRIT Ransomware Report for you to review. Along with that, I’m going to give you some resources to use. Starting with The Ransomware Playbook that the Canadian Center For Cybersecurity put out. The CISA has done something similar with their Ransomware Guide. Both are great resources and I highly recommend reading both.

This entry was posted on May 12, 2023 at 8:56 am and is filed under Commentary with tags Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.