Ransomware surges as threat actors get more aggressive
Ransomware and extortion actors are utilizing more aggressive tactics to pressure organizations, with harassment being involved 20 times more often than in 2021, according to a new report.
The study, from Palo Alto Networks' Unit 42 threat intelligence team, finds harassment is typically carried out via phone calls and emails targeting a specific individual, often in the C-suite, to pressure them into paying a ransom demand.
"Ransomware and extortion groups are forcing their victims into a pressure cooker, with the ultimate goal of increasing their chances of getting paid," says Wendi Whitmore, senior vice president and head of Unit 42 at Palo Alto Networks. "Harassment has been involved in one of every five ransomware cases we've investigated recently, showing the lengths that these groups are willing to go to coerce a payday. Many are going so far as to leverage customer information that has been stolen to harass them and try to force the organization's hand into payment."
The research reveals that ransomware groups have been observed layering extortion techniques for greater impact, with the goal of applying more pressure on organizations to pay the ransom. Some of these tactics include encryption, data theft, distributed denial of service (DDoS) and harassment. Data theft, which is often associated with dark web leak sites, is the most common of the extortion tactics, with 70 percent of groups using it by late 2022 -- a 30 point increase from the previous year.
Unit 42 researchers have seen an average of seven new ransomware victims posted on leak sites each day -- equating to one new victim every four hours. In fact, in 53 percent of Unit 42's ransomware incidents involving negotiation, ransomware groups have threatened to leak data stolen from organizations.
The report also notes a spike in attacks on schools and hospitals. These include attacks from Vice Society, which was responsible for the data leaks from several major school systems in 2022. Manufacturing was the most targeted industry in 2022 though, with 447 compromised organizations publicly exposed on leak sites.
You can read more and get the full report on the Unit 42 blog.
Photo credit: Bacho / Shutterstock