2025 Mar 14, 17:02
By Sundar Balasubramanian, Managing Director, India and SAARC, Check Point Software Technologies
Ransomware threats have long been considered a persistent and escalating problem in the cybersecurity industry. However, recent data suggests that this may not be the case after all. While millions of ransomware attacks still occur each year, there has been a decline in the number of such threats. In fact, in October of this year, there was a noticeable dip in the number of ransomware attacks across critical infrastructure sectors. According to Check Point Software Technologies, one in 34 companies globally has experienced an attempted ransomware attack in the first three quarters of 2023, marking a 4% increase from last year.
In India, ransomware incidents saw a significant 53% increase in 2022 compared to the previous year, as reported by the Indian Computer Emergency Response Team (CERT-In). Among the various ransomware variants, LockBit emerged as the predominant one in India, followed closely by Makop and Djvu/Stop ransomware. The report also highlighted the emergence of new variants like Vice Society and BlueSky in 2022. Makop and Phobos ransomware families primarily targeted medium and small organizations, while Djvu/Stop variants were more prominent in attacks against individuals. Notably, these attacks often resulted from organizations and individuals failing to apply patches for known vulnerabilities. Despite the decline in ransomware threats, it is still important for companies to remain vigilant.
While it is possible that ransomware may become extinct in the coming years, the global cybersecurity situation is far from calming down. Ransomware gangs have started shifting focus from destruction and chaos to exfiltration of data. One reason for this change is the advancement of cybersecurity defenses. The deployment of advanced defense measures, including a stacked prevention-first approach and the utilization of artificial intelligence and machine learning, has made it increasingly difficult for cyber criminals to succeed in their attacks. Furthermore, running attack operations comes with its own costs, and if the return on investment diminishes, cyber criminals may start exploring other, more lucrative avenues. Recent incidents have highlighted this shift in focus.
For example, a hacking group contacted the U.S. Securities and Exchange Commission (SEC) after successfully hacking a California-based company's digital assistants and stealing data. The group claimed that the company failed to disclose the breach within the required timeframe. This change in tactics demonstrates that companies are becoming less likely to disclose attacks, prompting hackers to take matters into their own hands by contacting regulators. To protect against data exfiltration, certain measures can be taken.
Encrypting data at rest and in transit can make it nearly impossible for cyber criminals to access and sell stolen data. Additionally, encrypting backups can prevent attackers from going back in time to target sensitive information. It is also crucial to have dedicated key management for cloud-based data repositories to mitigate risks associated with third-party providers. Lastly, ensuring adequate endpoint hygiene, such as disk encryption and proper identity access management, can minimize the misuse of identities and prevent unauthorized privileged access. While it is unlikely that ransomware will completely disappear, these changing dynamics can make it harder for attackers to succeed.
By implementing the recommended measures, companies can increase their resilience against data exfiltration and potentially discourage hackers from targeting them altogether.