EDITOR ’ S QUESTION
STEVE STONE , HEAD OF RUBRIK ZERO LABS
The first piece of complacency organizations must guard against is the notion a reduction in ransomware attacks will mean businesses are more secure . There are a few big-picture things to keep in mind . First , although attacks do appear down , this is solely compared to the previous year which broke all records .
Second , simply measuring volume misses the rapidly growing complexity of ransomware . From nationstate-supported attacks to Ransomware-as-a-Service profoundly changing the criminal market , a lot is happening aside from just counting the number of ransomware events .
In other words , ransomware attacks are evolving and those behind them are refining their methods . As long as there is money to be made in ransomware , the threat will continue . For example , last year we saw an undeniable rise in attacks involving data theft combined with encryption events . While this wasn ’ t fully new to 2022 , attackers ’ preference for multiple extortion options became clear over the last year . It is likely this trend will continue to accelerate over the coming year , though with a new shakedown method woven in – the threat of data destruction .
Cast your mind back to Australia ’ s highest-profile attacks last year . There was a clear trend of attackers favoring data exfiltration and extortion over encryption , but the impact on the victims – and their customers – was no less devastating . As such , we expect to see a corresponding decrease in pure encryption-style ransomware events .
Why is this likely to happen ? There are three reasons at play .
Firstly , technology and best practices are improving victims ’ ability to recover data without paying the ransom for a decryptor . Further , organizations now understand that paying for a decryptor often results in lost data or subsequent ransom demands . This negates any potential payout the attacker might receive .
Secondly , cybercriminals have realized the ‘ hack and leak ’ ransomware method provides a secondary way to monetize their efforts . This becomes more pronounced as regulations and governance requirements increase .
Thirdly , it is much easier to steal data and threaten to leak or destroy it than it is to create an effective encryption / decryption tool . Simultaneously , data destruction can place extreme stress on the victim , which acts in the cybercriminal ’ s favor and that is why we expect to see this become more commonplace in 2023 .
So , while the threat being levelled at the victim is evolving , the core premise remains the same – infiltrate an organization , attack their data , hold it to ransom .
Ransomware as we know it might be changing , but the threat isn ’ t going anywhere . This is why combining infrastructure security measures with data security is critical for cyber-resilience , ensuring your organization can quickly get back up and running .
Ransomware as we know it might be changing , but the threat isn ’ t going anywhere .
www . intelligentcio . com INTELLIGENTCIO APAC 33