According to a recent survey, the vast majority (75%) of organizations reported being targeted by at least one ransomware attack in 2023, with 26% reporting they were targeted with ransomware four or more times, InfoSecurity Magazine reports.
The survey follows another study that estimates the volume of ransomware attacks in 2023 surged by 55.5% year-over-year from 2022 levels.
Takeaway: Ransomware attacks continue to be extremely lucrative, with ransom demands and recovery costs bleeding victim organizations for millions of dollars.
Ransomware-as-a-Service (RaaS) and other extortion attack operators continue to implement novel evasion techniques specifically designed to evade or completely circumvent traditional endpoint protection solutions.
Accurate data on the extent of the ransom crisis are simply not available, which means that the threat is even greater than we think.
In a 2022 assessment, the FBI found that only about 20% of attacks were being reported to law enforcement. This was based on the FBI monitoring the activity of the infamous Hive ransomware gang for seven months after infiltrating its operations.
Another recent study found that over half (61%) of executives surveyed said their organization opted not to report a major ransomware attack to law enforcement.
The study also found that:
- 78% of executives claim that they would be willing to pay a ransom
- 74% of executives believe their security teams cannot defend against ransomware
- 60% of executives believe their employees could not identify a cyberattack
Based on these assessments, there were likely tens of thousands of successful ransomware attacks in 2023, but they are simply not being reported publicly. Given the risks involved in reporting an incident, it’s no wonder executives choose not to report unless compelled.
Ransomware is big business, and we all bear the financial impact of ransomware attacks, which is going to become a significant drag on our economy. The only way we can counter its growth as a major industry vertical is to disincentivize the attackers.
Ransomware attacks can do more damage to an organization than simply impacting the bottom line. They have the potential to damage the brand, increase insurance costs, force budget cuts and layoffs, negatively impact stakeholders, and even put victim organizations and their CXOs and BoDs in legal jeopardy.
The ransomware threat is very real, the problem is seemingly growing exponentially, and executive leadership at organizations is struggling with both how best to prepare to defend against attacks and what to do to protect the organization after a successful attack.
Organizations require both a robust prevention and an agile resilience strategy to defend against this wave of ransomware attacks.
For ransomware readiness plans to be successful, this approach includes endpoint protection solutions, patch management, data backups, access controls, employee awareness training, and organizational procedure and resilience testing.
Halcyon.ai is the leading anti-ransomware company that closes endpoint protection gaps and defeats ransomware through built-in bypass and evasion protection, key material capture, automated decryption, and data exfiltration prevention – talk to a Halcyon expert today to find out more. Halcyon also publishes a quarterly RaaS and extortion group reference guide, Power Rankings: Ransomware Malicious Quartile.