The increasing frequency of ransomware attacks is a significant challenge, as seen by the recent rise in APT groups with ties to Pakistan before the Indian elections and the disruption of significant Ransomware-as-a-Service (RaaS) operations.
The Seqrite report states that initial access brokers are selling more access to Indian entities (corporate and government) in the underground forums. This led to over 2900 disruptive actions in the first quarter of 2024 by over 85 Telegram hacktivist groups, including DDoS, website defacement, and database dumps. According to the report, there is one ransomware attack for every 650 detections.
The most recent findings paint a picture of increasing threats, with sophisticated attacks targeting governments, organisations, and individuals alike.
The report also highlighted a recent spike in cyberattacks by Pakistan-linked APT groups such as SideCopy and APT36 (Transparent Tribe) targeting not only the Indian government and military bodies, which is especially concerning given the ongoing elections, but also new spear-phishing campaigns such as Operation RusticWeb and FlightNight.
Another crimeware report by Arete discloses that during Q1, law enforcement continued to put pressure on large Ransomware-as-a-Service (RaaS) companies, significantly impacting LockBit activities. While LockBit and ALPHV's combined activity no longer accounts for the majority of ransomware engagements, Arete saw a much broader and more evenly spread threat landscape, with activity from groups such as 8Base, BianLian, Black Basta, Cactus, DragonForce, Hunters International, HsHarada, Medusa, Phobos, Rhysida, and Trigona.
Furthermore, the trend of fewer organisations paying ransoms persisted, with a ransom paid in 34% of Arete engagements in the first quarter of 2024. Another recent report, Cybernomics 101 by Barracuda, found that 71% of respondents had suffered a ransomware assault in the previous year, with 61% paying the ransom.
Prevention tips
The researchers believe that backing up critical data is the most effective strategy to recover from a ransomware infestation. There are a few things to consider. Backup files should be appropriately safeguarded and stored offline or out-of-band so that attackers cannot target them. Using cloud services may help alleviate a ransomware outbreak because many retain prior copies of files, allowing you to restore to an unencrypted version. Make careful to test backups on a regular basis to ensure their effectiveness. In the case of an attack, ensure that your backups are not compromised before rolling back.
Additionally, ensure that all of the organization's operating systems, apps, and software are frequently updated. Applying the most recent updates will help close the security gaps that attackers are attempting to exploit. Wherever possible, enable auto-updates so that you always have the most recent security upgrades.
