75 percent of organizations affected more than once by ransomware
A new report from SpyCloud finds that ransomware is seen as the biggest cybersecurity threat across every industry, with 75 percent of organizations affected by ransomware more than once in the past 12 months -- a jump from 61 percent in 2023.
Based on a survey of 510 individuals in active cybersecurity roles within organizations in the US and the UK with at least 500 employees, the report shows some industries are more at risk than others, with insurance firms 6.3x more likely to experience a ransomware attack and healthcare 2.1x more likely.
Multi-factor authentication (MFA) bypass via session hijacking is seen as the greatest emerging threat for ransomware, and at least 54 percent of devices infected with infostealer malware had an antivirus or endpoint detection and response (EDR) solution installed at the time of infection. Despite this, respondents still name MFA as the second-most common countermeasure for malware remediation.
Infostealers have been responsible for the theft of 343.78 million credentials in the last year, and one in five individuals have been victims of an infostealer infection. Each infection, on average, exposes 10-25 third-party business application credentials, creating fertile ground for further access and exploitation by ransomware operators.
"With ransomware operators increasingly exploiting infostealer-exfiltrated data like session cookies, it's become clear that traditional defenses are no longer enough. In today’s ransomware-fueled climate, organizations need to shift to an identity-centric approach for malware remediation and ransomware prevention," says Damon Fleury, chief product officer at SpyCloud. "This means extending protection beyond just devices and directly addressing exposed digital identities. To disrupt the evolving tactics of ransomware attacks before they escalate, step one is knowing the data criminals have already stolen. Step two is quickly remediating compromised credentials and terminating stolen web sessions -- including SSO, VPN, and SaaS application access."
The research also shows that year-on-year, significantly more organizations paid a ransom: 62 percent this year compared to 48 percent last year. But only about a third of those organizations fully recovered their data.
While there is universal agreement that more needs to be done to address the infostealer problem, the research does demonstrate that organizations are making progress. The top routine actions that security teams now take in response to a malware infection on an infected device are: investigating the incident (79 percent), resetting passwords for potentially exposed applications (77 percent), and attempting to remove the malware (67 percent).
You can get the full report from the SpyCloud site.