The age-old question in 2023: How to deal with ransomware?

It has been a devastating year for organizations in the fight against ransomware, with the news this year being a revolving door of ransomware breaches. Research by Zscaler revealed that there had been an 80 percent increase in ransomware attacks year-over-year.

It’s not just an increase in the number of ransomware attacks but also the catastrophic impact they can have on businesses, employees, customers and the wider popular itself. Shockingly, the average cost of a ransomware attack is $4.54 million, and destructive attacks can increase this cost by over $430,000. So, as 2023 quickly approaches, what ransomware threats should we expect?

Dr. Darren Williams, CEO and Founder at Blackfog, predicts that ransomware attacks will continue to increase and threat actors to change their tactics in 2023: "We expect ransomware to continue its assault on businesses in 2023. Specifically, we will see a huge shift to data deletion in order to leverage the value of extortion.

"Anti-data exfiltration will become critical in stopping the loss of trade secrets, customer and personal data. We will also see more attacks on government, education and healthcare which significantly lag in cybersecurity investment and are slow to adopt new technologies."

However, Simon Chassar, CRO at Claroty, believes that due to the convergence of IT and operational technology (OT) systems threat actors will shift from data exfiltration to affecting business availability and operations.

"As IT and operational technology (OT) systems continue to converge, ​​nation-state actors and cybercriminal ​groups such as Beserk Bear, Conti, Lazurus and Mythic Leopard, ​will shift their focus from IT to OT and cyber-physical systems; from stealing sensitive data to disrupting mission-critical operations.

"This yields maximum financial or political gain for the attacker because businesses have more incentive to pay a ransom when their means of production are at stake, which can have a long-term impact on revenue and the supply chain.​​​"

It’s not just new ways of extracting ransom out of victims, but ransomware gangs themselves which will change, with Fleming Shi, CTO at Barracuda, expecting groups to become smaller and faster in 2023.

"Throughout 2022, the major ransomware gangs -- LockBit, Conti, and Lapus$ -- were behind blockbuster attacks, keeping them in the headlines. But in 2023, with the ransomware-as-a-service business model taking off and the recent build leak of LockBit 3.0, a new generation of smaller and smarter gangs will steal their limelight.

"During the year, organizations will experience an increased frequency of ransomware attacks with new tactics, and those that aren’t prepared will make headlines that devastate their business and reputation."

Without question, over the next year, security leaders and senior decision-makers will be wrapping their heads around on how they can protect themselves against destructive ransomware attacks.

However, Ed Williams, EMEA Director of SpiderLabs at Trustwave, says that without organizations fully addressing their underlying security issues, they will never be able to mitigate the impact of ransomware.

"Cyber threats, including ransomware, will never be prevented by implementing shiny new products and solutions unless the underlying security issues are addressed.  

"Therefore, in 2023 I hope organizations shift their mindset away from feeling as though they need the latest tempting tech, and instead focus on consistently achieving the human-centric security basics. These basics include patching, strong passwords, and a detailed security policy."

Stefan van der Wal, Consulting Systems Engineer, Application Security at Barracuda, is also in agreeance believing that the appropriate measures have not been taken.

"[I am surprised] That ransomware is still an issue. For an attack that has such devastating consequences, there remain organizations that, in 2022, despite all the news surrounding this topic, still haven’t taken appropriate measures in terms of prevention, detection, response, and recovery. This, despite the efforts of the entire security industry to make it easier to address the threat."

It’s not just businesses themselves that are trying to figure out how to deal with ransomware, but international governments as well. It was revealed that recent COBRA meetings’ discussion points were dominated by ransomware.

"With ransomware more pervasive than ever, industry and government will be forced to address the issue at its core. Ultimately, paying ransomware simply funds the activity, so the only way to eradicate ransomware is to stop the payment of it entirely," said Adam Brady, Director, Systems Engineering, EMEA at Illumio.

"It is unlikely that any new legislation will be introduced in the next year, but we will certainly see discussions start to materialize about what this may look like and possibly the first iteration of this developed."

It’s not just the UK government that has ransomware on its mind but insurance companies as well. Adam Brady said that organizations will find it much harder to receive insurance payouts on ransomware attacks over the next year.

"At the same time, cyber insurance companies will become increasingly reluctant to keep paying out and will seek to strengthen eligibility requirements for policies, greater measures to demonstrate resilience will be required, such as regular stress-testing of IT infrastructure and incident response practices."

This is further backed up by Joseph Carson, Chief Security Scientist at Delinea, who expects the cost of cyber insurance to increase in 2023.

"Business leaders are looking to mitigate the risks from cyberattacks and ransomware, which had devastating consequences for many -- both in terms of business availability and financial stability. The need to reduce the financial burden of cyberattacks has seen many business leaders view cyber insurance as a safety net, making it a de facto mandatory requirement for business resilience and continuity.

A recent survey report from Delinea revealed that 33 percent of IT decision-makers applied for cyber insurance due to requirements from Boards and Executive Management. Furthermore, their policies are getting a workout -- almost 80 percent said they have had to use their cyber insurance, and over half of them said they’ve used it more than once.

As a result of more cyber insurance policies being used and, ultimately, many businesses needing them, the cost of cyber insurance will likely continue to rise at alarming rates."

Robin Campbell-Burt is CEO at Code Red.