No, the Ransomware Problem is Not Going Away


June 13, 2023


According to the 2023 Verizon Data Breach Investigations Report (DBIR), the volume of ransomware attacks was flat in 2022 after trending up dramatically over the last few years.

“The telecom giant said that while ransomware continues to be exceedingly popular among threat actors, the share of breaches involving ransomware held steady year-over-year at 24%,” TechTarget reports.

“While a number of vendors and researchers have observed either a stagnation or even slight decline in various aspects of the ransomware ecosystem, the reality of the situation appears more complicated.”

Takeaway: While some measures seem to indicate that ransomware attack volumes waned or significantly decreased in 2022, 2023 attack volume thus far shows that the ransomware problem is not going away any time soon. Ransomware is still the number one threat to organizations, and the financial impact can be devastating.

March 2023 will go down in the books as the most prolific period so far for the volume of ransomware attacks observed, with research indicating there were 459 successful attacks, up 91% from February volume and up 62% year-over-year.

One of the reasons for the spike is that threat actors are taking advantage of unpatched vulnerabilities and automating more aspects of the earliest stages of attacks. Hundreds of organizations have been hit by the Cl0p ransomware gang, which is exploiting a known vulnerability in the GoAnywhere software.

Automation means ransomware operators hit more victims faster, which translates to more ransoms collected and more fiscal pain for the victim organizations. At least one university and several healthcare organizations have shuttered operations permanently due to severe disruptions following a ransomware attack.

And for those that do recover, the costs can be extremely high. Case in point, in April Dorel Industries confirmed that it was the victim of a “security incident” (assessed to be a ransomware attack) that the company anticipates will result in Q1-2023 revenue losses estimated at $12-15 million, according to a statement.

It is clear that the majority of ransomware gangs are either loosely affiliated with or wholly controlled by the Russian government, with ample overlap between threat actors, tooling, and attack infrastructure.

The lull in attacks in 2022 as assessed by the most recent DBIR does not reflect a trend, but instead is evidence that these malicious actors can be diverted from their criminal activities to support state-sponsored operations as directed by the Putin regime.

The DBIR also does not address the marked increase in data exfiltration associated with today’s more complex multi-stage ransomware attacks. Data exfiltration means that even if the targeted organization is prepared for an attack and can recover impacted systems in a timely manner, they are still subject to extortion and high ransom demands in efforts to protect that data from being exposed.

This is because organizations put too much focus on post-payload response. There needs to be more focus on the data exfiltration aspect in the earlier stages of these attacks; once sensitive data goes out the door, the attack becomes much more difficult to mitigate. Even if the ransomware payload is identified, isolated, and remediated, the victim organization is still faced with extortion attempts and the risk that the data could be further exposed.

Being ready to respond to a ransomware attack is just part of the equation. Resilience must be built into that response protocol so organizations can limit the impact of a ransomware payload on operations.

A solid resilience strategy that includes data exfiltration defenses will ease the potential financial losses victim organizations face and eliminate the need to pay a ransom demand to unlock systems or cooperate with the attackers to secure stolen data.

Halcyon is the industry’s first dedicated, adaptive security platform that combines multiple advanced proprietary prevention engines along with AI models focused specifically on stopping ransomware – talk to a Halcyon expert today to find out more.