Share This:

Every year, cybercriminals devise new ways to steal credentials, access sensitive data, and disrupt business. In 2024, the most significant cybersecurity challenge may actually be overcoming a familiar threat: ransomware.

According to the World Economic Forum (WEF), ransomware activity was up 50% year-over-year during the first half of 2023. That trend is on track to continue this year. Data from Statista indicates that more than 72% of businesses were affected by ransomware last year, and the cost of data breaches has increased by 15% over the past three years.

Driven by new technology, Ransomware–as–a–Service (RaaS) kits now make these attacks much easier and faster to deploy. There has been a simultaneous increase in the number of connected mobile devices and Internet of Things (IoT) implementations, which has expanded the attack surface. Artificial intelligence (AI) tools are helping criminals automate and accelerate attacks, while the shortage of cybersecurity experts remains a problem as well.

This has been profitable for ransomware gangs, which have extracted payments from an increasing number of victims – rising from 10% in 2019 to 54% in 2022, according to the WEF.

In addition, the attacks have become more brash, targeting critical infrastructure and healthcare providers. The ALPHV/BlackCat organization, for example, not only attacked the Leigh Valley Health Network and stole patient data, but the group also targeted individual patients with ransom demands by threatening to release clinical photos.

The same ransomware gang filed an SEC complaint against another victim (MeridianLink) when the company refused to pay its ransom. They claimed it had failed to disclose its attack within the required time frame. (MeridianLink was actually in compliance.)

Harvard Business Review article outlined several factors that helped fuel this increase in ransomware. First, cloud solutions are often misconfigured, with overly permissive access, unrestricted ports, and insufficient backup. Second, there was some complacency among companies that felt they had sufficient backup and other protections in place. Ransomware gangs have responded with more frequent attacks and extracting (rather than encrypting) data, then threatening to release it publicly. Finally, criminals are leveraging vendor relationships that allow supply chain or side-door attacks through less-protected third parties.

What can MSPs do to combat ransomware?

Clearly, ransomware isn’t going away any time soon. Even though ransomware gangs are employing new technology and tactics, the remedies remain the same:

  1. As the WEF pointed out in its report, early detection is critical to a multi-layered cybersecurity strategy.
  2. Deploying cybersecurity platforms that leverage AI can help automate detection efforts. This also will help MSPs, and security experts predict zero-day attacks based on known vulnerabilities.
  3. MSPs and their clients must also increase awareness efforts – most successful breaches trace to human error. Implementing routine training and cyberattack simulation technology can help keep employees up-to-speed on spotting these attacks.
  4. Companies need a multi-layered security approach that protects endpoints, networks, data, and applications (including cloud solutions). They must also deploy multi-factor authentication as a baseline, preferably using zero-trust approaches. Continuous monitoring via a 24/7 security operations center (SOC) is also increasingly necessary.
  5. Traditional strategies are also still essential. Ensure software is up to date, security patches are installed, and data is backed up according to best practices. If an attack occurs, it’s much easier to avoid paying the ransom and recover from it if you have a solid backup and recovery solution in place.

While ransomware awareness is higher than ever, and companies are spending more time and effort to avoid these attacks, criminals are increasing their efforts to steal data and obtain payments using new technology. By remaining vigilant and deploying the latest security tools with traditional training and best practices, MSPs and their clients can reduce the likelihood of a successful attack while ensuring a speedy recovery when (not if) there is a breach.

This post was originally published at XaaS Journal.

Photo: 1st footage / Shutterstock


Share This:
Chris Crellin

Posted by Chris Crellin

Chris Crellin is Senior Director of Product Management for Barracuda MSP, a provider of security and data protection solutions for managed services providers, where he is responsible for leading product strategy and management. Chris joined Barracuda MSP from Backupify/Datto, Inc. where he was responsible for product strategy and execution of their cloud backup SaaS portfolio. Prior to Datto, he spent 14 years with RSA, the Security Division of EMC. He was the lead product manager for the RSA SecurID portfolio after having started his career as a software engineer.

Leave a reply

Your email address will not be published. Required fields are marked *