Fewer new ransomware families could mean a chance to disrupt cybercrime activity
Although ransomware remained the most common threat last year, the number of new ransomware families and unique variants discovered in 2021 decreased significantly compared to previous years.
Researchers from WithSecure suggest that this could highlight a potential opportunity to disrupt the cybercrime ecosystem that's exacerbated the problem in recent years.
WithSecure's chief technology officer Christine Bejerasco thinks the trend may point to threat actors consolidating their efforts. "If attackers are in fact consolidating their activities around core competencies, that makes the major ransomware-as-a-service providers crucial links in the supply chains of threat actors. And if we can break these links by neutralizing these significant providers, it could very well disrupt the ecosystem and provide some relief for defenders, at least for a little while."
Among other trends identified, ransomware accounted for nearly 17 percent of threats detected in 2021. WannaCry was 2021's most prevalent ransomware family, followed by three ransomware-as-a-service (RaaS) families: GandCrab, REvil, and Phobos. Ransomware continued to hit a variety of industries and used multiple methods to penetrate defenses in 2021, leaving no organization off-limits to these attacks.
"Unlike authorities, threat actors can operate across borders with impunity, which gives them an advantage. Defenders need to focus on outcome-based security practices by first understanding the organizational or business outcomes they want and designing cyber security measures to support those outcomes. From there, organizations can identify risks to those outcomes, what digital assets are exposed to those risks, and the potential cyber threats those assets face," adds Bejerasco. "Only then can they design a cyber security strategy that the whole organization can rally behind because it protects and supports what they want to achieve."
You can find the latest ransomware threat update on the WithSecure site.