Disruptions to operations will likely be the leading driver for victims to pay ransoms, global cyber risk management company Arete says.
MUMBAI, Apr 25 (The CONNECT) – Ransomware groups will likely continue evolving their operations this year to aggressively access, steal, and encrypt victim data, Arete, a leading global cyber risk management company, said.
New malware, leaked source code and builders, and an influx of AI tools will continue to lower the barrier of entry into cybercrime, the firm said in its 2023 Annual Crimeware Report.
Cyber threat actors continually evolved their operations to become faster, stealthier, and wealthier throughout the last year.
Actors became increasingly aggressive in negotiation techniques, demanding notably larger ransoms as fewer victims were willing to pay ransoms, the firm said.
The changes in the threat actors' tactics ranged from new methods to bypass security defenses to new techniques for exfiltrating and posting stolen data, Arete said.
A ransom was paid in just 31.3% of engagements in 2023, driving threat actors to become more aggressive in negotiation techniques and demand notably larger ransoms.
The 2023 threat landscape was characterized by a combination of mainstay threat actors and new or reemerging groups. While top variants continue evolving to maintain dominance, the widespread impact of newer groups demonstrates the constant evolution of today’s threats and the need for adaptable defenses and increased cyber resilience.
The report leveraged data collected during Arete incident response engagements and explores the rise and fall of ransomware variants, trends in ransom demands and payments, impacts on critical infrastructure, and what Arete expects to see in 2024.
Arete global teams gleaned data and insights from every aspect of the threat lifecycle. From forensics and restoration to threat actor communications and compliance, this comprehensive visibility informs our understanding and analysis of the threat landscape.
Internal challenges and disorganization drove operators to implement more stringent policies on negotiation and demand amounts.
Threat actors faced increased pressure from law enforcement, including the successful disruption of the Hive operation and a temporary ransomware takedown of ALPHV/BlackCat. These high-profile disruptions may result in more stringent vetting of affiliates and a splintering of larger ransomware groups in 2024 as ransomware groups look to evade this unwanted attention.
As defenses and backups continue to improve, disruptions to operations will likely be the leading driver for victims to pay ransoms. Preventing and detecting cyber threats will require an increasingly comprehensive, data-driven approach.
Arete said it is committed to providing its clients and partners with actionable data and insights to effectively combat cybercrime.
Arete transforms the way organizations prepare for, respond to, and prevent cybercrime. With decades of industry experience, Arete’s team combines hundreds of investigative, technical, and cyber risk management practitioners with best-in-class data and software engineers. This elite team of experts provides unparalleled capabilities to address the entire cyber incident life cycle, from incident response and restoration to advisory managed security services.