A Palo Alto Networks research report says ransomware and extortion actors are utilizing more aggressive tactics to pressure organisations, with harassment involved 20 times more often than in 2021. This harassment is typically carried out via phone calls and emails targeting a specific individual, often in the C-suite, or even customers, to pressure them into paying a ransom demand.
The 2023 Unit 42 Ransomware and Extortion Report says ransomware demands continued to be a pain point for organisations this past year, with payments as high as US$7 million in cases that Unit 42 observed. The median demand was US$650,000, while the median payment was US$350,000, indicating that effective negotiation can drive down actual payments.
Global key trends
Attackers add pressure with multi-extortion
Ransomware groups are layering extortion techniques for greater impact, with the goal of applying more pressure on organisations to pay the ransom. Some of these tactics include encryption, data theft, distributed denial of service (DDoS) and harassment. Data theft was the most common of the extortion tactics, with 70% of groups using it by late 2022, up 30% from 2021.
Leak sites drip with data
In 53% of Unit 42’s identified ransomware incidents involving negotiation, ransomware groups have threatened to leak data stolen from organisations on their leak site websites. This activity has been seen from a mix of new and legacy groups, indicating that new actors are entering the landscape to cash in as legacy groups have done.
Ransomware groups attack society’s most vulnerable
Attackers are actively targeting schools and hospitals, demonstrating how low these actors are willing to stoop in their attacks.
In Asia and Singapore
- The total number of ransomware attacks in APAC increased by 35.4% to 302
- With 18 reported ransomware attacks, Singapore trailed Thailand (28) and is ahead of Indonesia (14), Malaysia (11), the Philippines (11) and Vietnam (9)
- High technology, manufacturing, professional & legal services and state & local governments remained the most targeted sectors in Singapore
What's in store in 2023
Unit 42 predicts that 2023 will be the year of large cloud ransomware compromise. The group also predicts a rise in extortion related to insider threats. Perhaps more devastating will be the use of ransomware and extortion to distract from attacks aimed at infecting supply chains and source code.
Recommendations
Use extended detection and response (XDR) to ensure complete visibility. Empowering defenders to isolate computers as malicious activity is detected can help reduce the likelihood of attackers spreading to other endpoints. This in turn reduces the impact of ransomware encryption.
To increase protection, mature organisations are moving toward automating this isolation via Security Orchestration, Automation, and Response (SOAR) technology.