Ransomware trends and recovery strategies companies should know

Ransomware attacks can have severe consequences, causing financial losses, reputational damage, and operational disruptions. The methods used to deliver ransomware vary, including phishing emails, malicious websites, and exploiting vulnerabilities in software or operating systems.

Cybercriminals often target organizations with weak cybersecurity measures, outdated software, or inadequate employee training on recognizing and preventing phishing attacks.

In this article, you will find excerpts from ransomware attacks surveys we covered in 2023. Using this data, your security team will gain knowledge that can benefit future security strategies.

Ransomware attacks set to break records in 2023

Ransomware attacks continue at a record-breaking pace, with Q3 2023 global ransomware attack frequency up 11% over Q2 and 95% year-over-year (YoY), according to Corvus Insurance.

Companies scramble to integrate immediate recovery into ransomware plans

The fact that companies are reevaluating strategies they have in place, especially considering that nearly two thirds (63.1%) of those surveyed have multiple data protection and ransomware detection tools at their disposal, signals that prevention is not enough and that legacy data protection falls short.

Ransomware groups continue to increase their operational tempo

The manufacturing and technology industries were the 1st and 2nd most impacted by ransomware, followed by retail & wholesale as the 3rd most impacted. The retail & wholesale vertical has experienced a steady quarterly climb in observed victims throughout the year, jumping from 9th place with 38 victims in Q1 to its current spot in the top three with 98 victims.

Stronger ransomware protection finally pays off

Hornetsecurity revealed that 92.5% businesses are aware of ransomware’s potential for negative impact. Still, just 54% of respondents said their leadership is ‘actively involved in conversations and decision-making’ around preventing such attacks. 39.7% said they were happy to ‘leave it to IT to deal with the issue’.

Cybercriminals can go from click to compromise in less than a day

China has shifted part of its attention to Eastern Europe, while also maintaining a focus on Taiwan and other near neighbors. It displays a growing emphasis on stealthy tradecraft in cyberespionage attacks — a change from its previous “smash-and-grab” reputation.

Ransomware groups are shifting their focus away from larger targets

US-based organizations remain a prime target for ransomware operators, with the highest number of ransomware victims in the first half of 2023 (949) – accounting for nearly half of all ransomware attacks. This figure represents a 69.94% increase compared to the second half of 2022.

Ransomware dwell time hits new low

Median attacker dwell time—the time from when an attack starts to when it’s detected—shrunk from 10 to eight days for all attacks, and to five days for ransomware attacks during the first half of 2023, according to Sophos.

New disturbing ransomware trend threatens organizations

One of the most noteworthy trends that aligned with this growth in 2023 has been the growth of encryption-less extortion, a style of cyberattack that prioritizes data exfiltration over disruptive encryption methods.

75% of consumers prepared to ditch brands hit by ransomware

81% of consumers report feeling “very scared or worried” about their data being held by organizations lacking robust resilience against ransomware. After an attack, 1 in 3 consumers demand evidence of resilient backup and recovery strategies, and 30% lose all confidence in the company’s data protection plan.

Ransomware cyber insurance claims up by 27%

Coalition found that both claims frequency and severity rose for businesses in early 2023 across all revenue bands. Companies with over $100 million in revenue saw the largest increase (20%) in the number of claims as well as more substantial losses from attacks – with a 72% increase in claims severity from 2H 2022.

Ransomware attacks go beyond just data

Threat actors are getting increasingly bold in their ransomware demands, giving their targets no choice but to relent and pay to get their data back and restore daily operations. As a result of this ongoing and growing problem, 80% of organizations surveyed stated that they expect their spending in support of ransomware preparedness to increase over the next 12 to 18 months.

Data exfiltration is now the go-to cyber extortion strategy

Ransomware groups increasingly target the exfiltration of files, the unauthorized extraction or transfer of sensitive information, which has become the primary source of extortion. This new tactic indicates file backup solutions are no longer a sufficient strategy to protect against ransomware.

The ransomware rollercoaster continues as criminals advance their business models

Ransomware shows no signs of slowing, with ransomware activity ending 13 times higher than at the start of 2023 as a proportion of all malware detections, according to Fortinet.

The race against time in ransomware attacks

Although paying a ransom is generally considered an action of last resort, 90% of global survey respondents said their organization would—some unequivocally, some depending on the cost consider paying a ransom if it meant they could recover data and business processes, or recover them faster.

12 vulnerabilities newly associated with ransomware

Ransomware groups are continuously weaponizing vulnerabilities and adding them to their arsenal to mount crippling and disruptive attacks on their victims. In Q1 2023, researchers identified 12 vulnerabilities newly associated with ransomware.

New coercive tactics used to extort ransomware payments

GRIT’s analysis shows an increase in the use of novel coercive tactics by numerous prolific ransomware groups that follow the “double extortion” model of operations, where the ransomware operators not only encrypt files on corrupted networks and hosts, but also exfiltrate data.