Highlights –

  • Research has shown that 74% of IT decision-makers think that ransomware should be regarded as a subject of national security.
  • The analysis also showed that the United States was the country most affected by ransomware, despite the decline in ransomware assaults.

Not many cyber threats create as much anxiety for security teams as ransomware attacks do. Angst over ransomware threats is so high that 74% of IT decision-makers think ransomware should be regarded as a subject of national security due to the use of double and triple extortion schemes.

But according to GuidePoint Research and Intelligence Team’s (GRIT) quarterly ransomware threat report, the number of victims dropped by 34% from Q1 to Q2 of this year.

Even though this news may offer some reprieve for security teams, the study said that the decline was caused by the Conti cyber gang's reorganization and the launch of Lockbit's 3.0 Ransomware-as-a-Service (RaaS) product.

Drew Schmitt, a principal threat analyst at GuidePoint Security and ransomware negotiator, expressed his thoughts on this: “This does not appear to be a part of a larger trend of ransomware slowdown as Q3 has begun with large upticks in posting rates and four new ransomware groups being added to the ransomware threat landscape.”

The current ransomware threat landscape

Despite a decline in ransomware assaults, the analysis also showed that the United States was the country most affected by ransomware. It named Lockbit 2, Alpha, Conti, and Blackbasta as the top four cyber gangs, based on the number of victims who revealed their identities publicly.

Furthermore, security teams must be ready for a rise in attacks in the second half of this year despite the decline in ransomware during this quarter.

Now that Lockbit 2 has been relaunched as Lockbit 3.0, it seems likely that the RaaS economy will keep expanding. Schmitt noted in his official announcement, “We expect to see an uptick of Lockbit 3.0 activity and potentially other restructuring and consolidation in affiliate-based ransomware operations.”

If this prediction proves accurate, businesses will need to be even more cautious about ransomware threats, because even cybercriminals with limited technical skills will be able to launch cyberattacks based on complex ransomware developed by other underground threat actors.

Important ramifications for CISOs

CISOs need a plan to fortify their company’s security in case of an increase in ransomware activity later this year.

How this is done will depend on each enterprise's priority risks. However, Schmitt claims that the bulk of threat groups are exploiting vulnerabilities and misconfigurations that tried-and-true cybersecurity fundamentals can prevent.

This entails applying patches and updates to eliminate potential entry points as well as using vulnerability and attack surface management tools to identify and fix any public-facing vulnerabilities before a threat actor can use them to their advantage.

Proactive efforts must be taken to gradually and continuously improve the company's security posture. This will make it difficult for an intruder to access the environment and encrypt or exfiltrate data.