Large Ransomware groups responsible for 50% of attacks in 2024

Ransomware is a type of malware that encrypts (locks) data on your computer, such as files and programs, until a ransom fee is paid to the attacker. Ransomware is one of the most disruptive forms of cyber attacks. It is vital to understand its impact and how to protect your business.

So far, in 2024, 50% of all ransomware attacks have been undertaken by just six groups. With approximately 7.8 million cyber-attacks faced by UK businesses in 2023, it is important to understand the threats and how to best protect your business.

?

Who Are the Six Ransomware Gangs?

A ransomware gang is a group of cybercriminals who attack digital infrastructure with a type of malicious software called ransomware. They often have financial gain as motivation, as victims are required to pay a significant sum to regain access to their critical data. Typically, they operate in a decentralised manner, with individual members carrying out attacks on behalf of the group, making it difficult for law enforcement to track and stop the gangs.

The six large gangs responsible for these attacks are:

• ?? Lockbit 3.0. They are one of the most prolific ransomware gangs and are believed to be responsible for a large number of high profile attacks. They operate a ransomware-as-a-service (RaaS)model, allowing anyone to purchase and use their services easily, making attacks quick and efficient. ?
• The Play. This group is known for its particular interest in healthcare providers, threatening to release confidential patient data if its demands are not met.
• 8base. This is a relatively new ransomware group that has adopted the double extortion model, encrypting systems and simultaneously exfiltrating sensitive data, threatening to release it if the ransom demands are not met.
• Akira. This group target supply companies and uses sophisticated attacks to infiltrate networks as quietly as possible to avoid detection.
• BlackBasta. This group use data theft as a primary extortion tactic, often releasing stolen data before encrypting systems, increasing the pressure on organisations to pay the ransom.
• Medusa. This gang is known for targeting critical infrastructure and using advanced encryption techniques to disrupt operations. They demand significant ransoms to decrypt the data.

?

These groups all have a few common tactics. These include data exfiltration, the practice of transporting data out of a successfully attacked network; data encryption, the practice of scrambling data to a unique pattern and requesting ransom demands, charging large fees to either not release the exfiltrated data or to provide the key to unscramble encrypted data.

?

The Effects of Ransomware on a Business

Ransomware has three main effects on most businesses that are successfully attacked with this method. These include operational disruption, financial loss and reputational damage.

Operational Disruption

A successful ransomware attack has the ability to halt all of a business's digital operations. If all the data has been encrypted, no critical business files will be available. This includes documents, files and folders, as well as application data and sometimes even computer operating systems. Even with effective disaster recovery and backups, operational disruption can be significant, as IT teams may need considerable time to fully restore systems. ?There may also be an amount of data lost; this should be in line with the Recovery Point Objective, which is the defined amount of data that can be tolerated to be lost. An example of this would be the data created in between backup times.

Financial Loss

Financial losses from a ransomware attack can stem from data recovery costs, lost business, or extra operational expenses due to downtime. With the average cost of a cyber attack being over ￡10,000 for UK businesses, it can be devastating to a business.

Reputational Damage

A ransomware attack can also seriously damage a business’s reputation. Customers expect businesses to have a baseline of cyber security to protect themselves against cyber threats, and failing to do so can make it difficult to retain customers’ trust and gain new customers. This damage to your company’s image can take years to recover from and sometimes can be impossible.

?

How to Protect Your Business From Ransomware

There are a number of methods to protect yourself and your business from Ransomware attacks. A few tips include:

• Regular backups of all critical data. Whilst a backup won’t prevent a ransomware attack, it does provide a comprehensive copy of your data to recover in the event it is required. This means that if you are attacked, you can recover your data without having to pay a ransom. Reliable software, such as the CTRL-S backup software, allows a simple platform to automate and monitor the success of your system backups.
• Security awareness training. Training your team on security issues is critical. With 41% of ransomware attacks originating from a phishing attack, it is critical for your team to be able to identify and avoid phishing attacks and other common social engineering attacks. Programs such as Cyber Wise [DL1]?[CB2]?are designed to make this seamless so that you can create a culture of data security awareness.
• Robust infrastructure security. Ensuring your infrastructure has its guards up, with a range of infrastructure security methods such as firewalls, antimalware software, and endpoint detection and response (EDR) software increases the ease of attack. At CTRL-S, we use a wide range of tools that seamlessly integrate to protect your infrastructure.
• Incident response planning. Having a well defined incident response plan in place can help you respond quickly and effectively to a cyber incident. Your incident response plan should include system isolation, data restoration, and notification of relevant third parties, such as the ICO.

?

Conclusion

Ransomware is a serious threat to all modern businesses, but there are many steps you can take to protect yourself. Get in touch to see how CTRL-S can help you follow the tips outlined in this article to keep your business safe from ransomware attacks today.