Ransomware - an ongoing and evolving threat

Ransomware is malicious software designed to infect a target's network and lock down data and systems until a ransom is paid. It is an evolving and diversifying threat that can include stealing sensitive or confidential information and a threat to make the data public unless a ransom is paid. The criminal business model is lucrative - often available as a service and accessible to adversaries regardless of their resources or skill level.

Every organization is a potential target. Ransomware attacks can cripple daily operations and customer supply chains, cause chaos and financial losses. They can also destroy corporate reputations and customer relationships.

87% Benelux organizations hit by ransomware in 2022, more than half multiple times; ransom paid often

Barracuda Networks has published its ‘Ransomware Insights report’ for 2023. This report shows that as many as almost 9 in 10 (87%) organizations surveyed in the Benelux have experienced at least one ransomware attack in 2022. In fact, more than half (55%) have been hit twice or more. These percentages are higher than the global average of 73 and 38 percent. Of the Benelux organizations that were victims of an attack once, nearly half (45%) decided to pay the ransom. This percentage is higher than for companies that were hit more frequently, where 39 percent chose to pay.

Wide variations in sectors affected by ransomware; consumer services and energy/utilities hardest hit

The survey was conducted by independent research firm Vanson Bourne on behalf of Barracuda. It targeted IT professionals at companies with 100 to 2,500 employees, ranging from those ‘on the front lines’ to the most senior positions. Respondents came from a variety of industries in the U.S., EMEA and APAC countries, including Benelux.

Globally, there were significant differences in the industries targeted by ransomware attacks. For example, 98% of consumer services companies and 85% of energy, oil/gas and utilities companies experienced at least one ransomware attack. In addition, the energy, oil/gas and utilities sector most often reported two or more successful ransomware incidents (53%).

Ransomware attacks often via emails; organizations with cyber risk insurance more often affected

The survey results show that for 69 percent (in the Benelux: 66%) of affected organizations, the ransomware attack began with a malicious email, such as a phishing email aimed at stealing login credentials that allowed attackers to penetrate the network. Web applications and traffic ranked second and are a growing risk within an ever-expanding threat landscape.

Remarkably, organizations with cyber risk insurance were more likely to experience ransomware. Globally, more than three-quarters (77%) of organizations with cyber risk insurance experienced at least one successful ransomware attack, compared with 65% of those without cyber risk insurance.

Ransomware attacks by low-cost tools; organizations must plug security holes and provide in-depth protection

“The number of organizations affected by ransomware in 2022 likely reflects the wide availability of cheap and easily accessible attack tools through ransomware-as-a-service services,” says Fleming Shi, CTO of Barracuda. “The relatively high percentage of companies that were victimized more than once suggests that security holes after an initial incident are not fully closed. It is a critical role of the security industry to help organizations protect themselves from ransomware, with deep, layered security technologies, including advanced email protection and backup, as well as threat hunting and extended detection and response (XDR) capabilities to quickly detect and stop malicious activity.”

Conclusion

Organizations need integrated and multi-layered security to protect their ever-expanding attack surface from evolving threats such as ransomware. To minimize your risk and exposure to ransomware and other cyber threats, focus on the following key cybersecurity areas:

• Protect your login data by investing in detection and response tools and by educating your users.
• Use email security technology to detect malicious payloads and ensure your employees can identify and report suspicious emails.
• Secure access to accounts, applications and networks with multi-factor authentication and a Zero Trust access strategy.
• Secure your Web applications with API-based application security and a next-generation Web application firewall.
• Back up your data regularly and test your recovery process.
• Build defense in depth with threat intelligence, incident response and XDR (extended detection and response).
• Stay informed of the evolving threat landscape and consider an outsourced Security Operations Center if you don't have the resources to investigate everything.