Is Ransomware in Decline?

A recent security article dared to ask a very interesting question.

“Is Ransomware in decline?”

That would be quite the story. Data breaches and their financial impact have been on the rise nearly every year going back to the beginning of the Internet. And while ransomware is only a small subset of those incidents, it has followed the same overall trend.

Naturally, there have been some ups and downs with ransomware attacks, as a study from Recorded Future shows for the period of January 2023 to January 2024.

Year over year, though, the trend is still mostly up.

Nevertheless, DataBreachToday argues that ransomware attacks might legitimately be on the decline for a few reasons that are only recently relevant:

  • Even hacker groups aren't immune to the infamous “skills shortage” affecting the cybersecurity industry.
  • Business disruptions from global conflicts, particularly the Russia-Ukraine war.
  • Clampdowns from law enforcement agencies, both capturing experienced groups and hackers and deterring others from getting into the business.

As a result, many ransomware groups are pooling resources and working with “ghost hackers” (like “ghost writers”, but a hacker instead) in order to get the hacking skills they need. In addition, they will often publicize small amounts of data collected or purchased as signs of a larger attack, despite not having the large data set to back up their claim. In turn, the fear factor and reputation of many groups are dwindling.

Taken together, it may be possible that ransomware groups and attacks as we currently know them are slowly phasing out.

And while that would be a great thing, it doesn't mean we, as security defenders, will get a chance to relax or take a break, even if it is true.

As IBM reports, the average cost of a data breach has risen year over year to an all-time high of $4.45 million in 2023, and only 1 in 3 data breaches were discovered by the affected company and its internal security teams/tools. Ransomware is only a part of this growth in breaches, and not even the largest part at that.

So, even if ransomware is truly fading away, there are still many other threats to defend against. Moreover, just like ransomware when it first hit the scene, other new types of threats and attacks will soon appear, both for existing technologies and new ones (weaponized ChatGPT anyone?).

That is why we never encourage companies to focus on individual attacks. Instead, focus on security fundamentals that will protect against any/all attacks - current or future.

When you are doing that, articles titled “Is Ransomware in Decline?” will appropriately lead to fun talk around the lunch table instead of huge company-wide strategy shifts.


Security News

  • A hack at Integris Health in November affected an estimated 2.4 million people, but the fallout from the data breach didn't end there. At least one child, M.J. - and his Oklahoma mom Teresa Johnston - said cybercriminals used the stolen data to try to extort money from them.
  • The CEO of a Kansas bank that failed in August is facing up to 30 years in prison after a new watchdog report said he had embezzled nearly $50 million as part of an apparent cryptocurrency scam known as pig butchering.
  • After 25 years of helping ensure a stable, secure, and unified global Internet, ICANN is adding an innovative approach to advance, expand, and protect its crucial assets. The group has launched a $200 million grant program to grow the entity for challenging times ahead.
  • The Department of Justice (DoJ) has disrupted a botnet used by Russian military intelligence for widespread cyber espionage.
  • Chinese hackers have developed a sophisticated banking Trojan for tricking people into giving up their personal IDs, phone numbers, and face scans, which they're then using to log into those victims' bank accounts.
  • A single packet can exhaust the processing capacity of a vulnerable DNS server, effectively disabling the machine, by exploiting a 20-plus-year-old design flaw in the DNSSEC specification.
  • Southern Water has admitted between five and ten percent of its customers had their details stolen from the British utilities giant during a January cyberattack.
  • Prudential Financial, the second largest life insurance company in the US and eighth largest worldwide, is dealing with a digital break-in that exposed some internal company and customer records to a criminal group.
  • Battery maker VARTA AG announced yesterday that it was targeted by a cyberattack that forced it to shut down IT systems, causing production to stop at its plants.
  • The Zoom desktop and VDI clients and the Meeting SDK for Windows are vulnerable to an improper input validation flaw that could allow an unauthenticated attacker to conduct privilege escalation on the target system over the network.

Until next time,

The Craft Compliance Team
