• The average lifespan of ransomware attack gangs is about 17 years.
  • Every one out of four ransomware attacks in 2021 was on the manufacturing sector, which impacted the global supply chain.

A new IBM research suggests that ransomware attack groups might have nine lives, as 17 months is the average lifecycle of these groups before they are shut down or rebranded. Attention on the part of the Government and law enforcement takedowns in 2021 may have decreased the number of ransomware activities. Still, data proves that many ransomware groups could be in hibernation, gearing up to rebrand and restructure their infrastructure to retaliate stronger. These groups have substantial funding to support their rebranding efforts.  Today, ransomware attacks are one of the most lucrative business models for these troops.

In 2021, these cyber criminals had their eye on the manufacturing industry, one of the worst-hit sectors. Ransomware attackers knew about the loopholes of the global supply chains due to the pandemic, and, hence, they predominantly targeted the manufacturing industry. One in four ransomware attacks were targeted towards the manufacturing industry. This is proof that the attackers were aware of manufacturers’ crucial role in every economy.

For instance, Asia, one of the largest supply chains in the world, was one of the top targets for attackers. The ransomware attackers were certain of an attack’s impact on the global economic ecosystem.

The retaliation of these ransomware attackers makes it crucial for businesses to have an effective action plan if they fall within the scope of operators. Rehearsing playbooks and stimulating real-life cyberattacks can help organizations become more resilient against the attacks. Businesses will also be forced to update their infrastructure and analyze where they should store sensitive data. Furthermore, this will allow enterprises to become more aware of the “who, what, and why” of their data.

The research conducted by IBM will give you an overview of data points ranging from network and endpoint detection that it monitors to X-Force red engagements, X-force’s threat intelligence insights, and data provided by report contributors such as Intezer. The research also includes real-time data from IBM’s internal and external open sources and cyber-attack incidents that IBM x-force has responded to.