FBI’s Ransomware Insights: Lessons from the $60 Million Impact

As ransomware becomes smarter and faster, how can organizations bolster their defenses to better perceive and respond to cyber attacks?

April 5, 2024

Ransomware’s evolution demands a shift in response strategies, prioritizing prevention and efficient recovery measures, says Jim McGann, vice president of marketing & business development of Index Engines.

On March 11th, the FBI released the 2023 Internet Crime Report, which showed some startling statistics about the costly toll of ransomware in 2023. The Internet Crime Complaint Center or IC3 gives the public a direct way to report cybercrime to the FBI, assisting the agency in collecting data, providing input useful in investigations, and helping the agency note any changes in the threat landscape.

The report introduction from Timothy Langan, Executive Assistant Director, FBI called out the growing impact of ransomware. 

“In 2023, ransomware incidents continued to be impactful and costly. After a brief downturn in 2022, ransomware incidents were again on the rise with over 2,825 complaints. This represents an increase of 18% from 2022. Reported losses rose 74%, from $34.3 million to $59.6 million. Cybercriminals continue to adjust their tactics, and the FBI has observed emerging ransomware trends, such as the deployment of multiple ransomware variants against the same victim and the use of data-destruction tactics to increase pressure on victims to negotiate.”

Ransomware Evolution and Impact on Critical Infrastructure

In this constantly evolving environment of cyber threats, cybercriminals show an unsettling adaptability as they continually update and refine their tactics to evade detection and maximize profits. The FBI advises of emerging ransomware trends, including deploying multiple variants against a single victim. Add to that, perpetrators have stooped to new lows, employing data-destruction tactics to intensify the pressure on victims, coercing them into negotiation through forced urgency and fear. The battle against ransomware persists as an ongoing and relentless struggle, demanding ever-vigilant measures to safeguard against it.

It’s been even more costly for critical infrastructure. The Internet Crime Complaint Center (IC3) received 1,193 attack complaints from organizations belonging to a critical infrastructure sector. Lockbit, ALPHV/Blackcat, Akira, Royal, and Black Basta were the most prevalent ransomware variants reported by critical infrastructure organizations to the IC3.

But $60 million later, what did we learn?

1. Intermittent encryption is the leading way variants are corrupting data 

The top five ransomware variants exhibit a common strategy: intermittent encryption to corrupt data while minimizing the risk of detection. LockBit, for example, selectively encrypts only the initial 4KB of each file, adding the “.lockbit” extension. Doing so minimizes entropy changes and evades detection. Similarly, Blackcat employs intermittent encryption, offering a range of fast and configurable options to make data unusable.

This shows that current ransomware is specifically designed to avoid detection, not just by data security or perimeter protection tools but also by tools designed to monitor your backup and recovery data.  

2. Cyber criminals are okay with causing death if it yields a ransom 

In 2023, the healthcare sector bore the brunt of cyberattacks, with 249 incidents targeting Healthcare and Public Health. Surprisingly, financial services, typically a prime target, ranked fifth with 122 reported attacks. This shows cyber criminals bet their money on our health, taking down hospital databases, pharmaceutical systems, and the flow of life-saving information. These attacks locked health records, and doctors couldn’t see patients’ medications or allergies.

One notable incident occurred in November 2023, when a ransomware attack struck Ardent Health Services. Consequently, patients’ scheduled procedures had to be canceled, and emergency room patients were rerouted to other hospitals across three U.S. states. Tragically, ransomware attacks killed an estimated 42 to 67 Medicare patients, roughly one death per month, according to a University of Minnesota School of Public Health study.

3. It’s going to get worse before it gets better  

Ransomware losses rose 74%, from $34.3 million to $59.6 million, showing that while cyber criminals are becoming more adept and bolder, organizations are not responding by getting smarter and more resilient. Cyber criminals will keep investing in ransomware until it doesn’t make sense. 

The FBI does not encourage paying a ransom, stating “paying a ransom may embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities.” 

This is all true. The Sophos State of Ransomware 2022 found only 4% of companies that paid ransom got all their data back. The aim is to disrupt the flow of funds to these criminals, potentially leading to decreased cyberattacks. However, numerous organizations find themselves in situations where paying the ransom becomes unavoidable. When operations are severely impacted by an attack and unable to function without access to their data, organizations often have no choice but to comply and pay the ransom.

Where Does That Leave Us for 2024?

The evolution of ransomware is this: it’s becoming smarter and faster, with cybercriminals relentlessly pursuing data, regardless of the damage inflicted upon individuals or organizations. It’s digital warfare, where the motives of cyber attackers are driven by financial gain, and to survive, organizations must reassess their cybersecurity strategies and fortify their defenses.

While prevention remains the top priority in the fight against ransomware, the sad reality is that no system is immune to attack. As such, the focus for organizations in 2024 must extend beyond prevention and include rapid recovery strategies to ensure as little data loss as possible and no response to ransom demands. This means enacting a security approach that combines robust prevention and detection measures with meticulous planning for post-attack scenarios.

One critical aspect of this approach involves the integration of data integrity scans within the backed-up and protected data infrastructure. Organizations can expedite the recovery process post-ransomware attacks by implementing proactive scans that continuously validate data integrity and recoverability. Rather than enduring the painstaking ordeal of sifting through weeks or months of data to identify undamaged files, the assurance provided by data integrity scans ensures that viable data can be identified and restored, minimizing downtime and the impact on operations.
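A sketch of such a scan, tied to the intermittent-encryption pattern from lesson 1: it compares two backup generations and flags files whose first 4 KB became high-entropy even though the whole-file entropy stays low. This is an added example, not code from the author or any product; the file names, the 7.5 bits-per-byte threshold and the in-memory sample data are constructed assumptions.

```python
import math
import random
from collections import Counter

BLOCK = 4096  # the article's LockBit example: only the initial 4 KB is encrypted


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0


def scan_generation(previous: dict, current: dict, limit: float = 7.5) -> dict:
    """Classify each file in the current backup against the prior generation."""
    verdicts = {}
    for name, data in current.items():
        if name not in previous:
            verdicts[name] = "no-baseline"  # nothing to compare against yet
            continue
        old = previous[name]
        head, old_head = data[:BLOCK], old[:BLOCK]
        if entropy(data) >= limit > entropy(old):
            # Whole file turned random-looking: the case a file-level check catches.
            verdicts[name] = "fully-encrypted"
        elif head != old_head and entropy(head) >= limit > entropy(old_head):
            # Only the leading block turned random-looking; the file average barely moves.
            verdicts[name] = "header-encrypted"
        else:
            verdicts[name] = "ok"
    return verdicts


def demo():
    """Constructed sample data: two backup generations held in memory."""
    rng = random.Random(2024)

    def noise(n):  # random bytes standing in for ciphertext or compressed data
        return bytes(rng.getrandbits(8) for _ in range(n))

    text = b"".join(b"%d,invoice,%d.00,paid\n" % (i, i * 3) for i in range(20000))
    packed = noise(50000)
    previous = {"ledger.csv": text, "notes.csv": text, "archive.zip": packed}
    current = {
        "ledger.csv": noise(BLOCK) + text[BLOCK:],         # first 4 KB replaced
        "notes.csv": text + b"20000,invoice,1.00,open\n",  # ordinary append
        "archive.zip": packed,                             # unchanged, always high entropy
    }
    return scan_generation(previous, current), entropy(current["ledger.csv"])
```

Comparing against the previous generation is what keeps already-compressed files such as archive.zip from being flagged, since their leading block was high-entropy before as well.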

This year demands a shift in how organizations perceive and respond to ransomware. Organizations can take the most effective steps toward safeguarding their digital assets by prioritizing prevention and efficient recovery, including proactive measures such as data integrity scans. In this world of evolving cyber threats, adaptability and preparedness will be the keys to successfully navigating past a ransomware attack.


Jim McGann

Vice President Marketing & Business Development, Index Engines

Jim McGann has extensive experience with eDiscovery and information management in the Fortune 2000 sector. Before joining Index Engines in 2004, he worked for leading software firms, including Information Builders and the French-based engineering software provider Dassault Systemes. In recent years he has worked for technology-based start-ups that provided financial services and information management solutions. Prior to Index Engines, Jim was responsible for the business development of Scopeware at Mirror Worlds Technologies, the knowledge management software firm founded by Dr. David Gelernter of Yale University. Jim graduated from Villanova University with a degree in Mechanical Engineering. He is a frequent writer and speaker on the topics of big data, backup tape remediation, electronic discovery and records management.