Despite global law enforcement efforts and heightened attention from the White House, ransomware incidents continue to rise unabated, according to a new report from cybersecurity firm Mandiant. Researchers at the Google-owned company identified 50 new ransomware variants in 2023, with about a third branching off existing malware. This underscores the pervasive nature of the problem and the challenges in curbing cyber extortion.
In 2023 alone, cybercriminals amassed over $1 billion from victim ransom payments, highlighting the lucrative nature of these attacks.
The healthcare sector has been particularly hard-hit, with hospitals experiencing significant disruptions. The report noted that Ascension, one of the nation's largest healthcare systems with 140 hospitals across 19 states, was recently impacted by the Black Basta ransomware variant. The ongoing outage is raising concerns about patient safety and the potential risk to lives.
Mandiant's findings align with a recent White House report on national cybersecurity, which also noted an increase in ransomware attacks.
However, one significant issue is that reporting ransomware incidents is largely voluntary. This means assessments of ransomware prevalence often rely on data from cybersecurity companies, whose understanding is based on their customer base and the cybercriminal communities they monitor.
To address this, the Cybersecurity and Infrastructure Security Agency (CISA) is finalizing a mandate requiring critical infrastructure owners and operators to report ransomware payments within 24 hours. This mandate aims to provide a more comprehensive view of ransomware activity and enhance response efforts.
Mandiant's assessment highlights a 75% year-over-year increase in posts on data leak sites, which extortionists use to pressure companies into paying ransoms. The firm noted that 2023 saw the highest number of data-leak site posts since tracking began in 2020. Additionally, there was a 20% increase in the number of investigations led by Mandiant, indicating a significant rise in ransomware activity. The most prolific ransomware variants observed were ALPHV and LOCKBIT, each accounting for 17% of all activity.
The surge in ransomware attacks in 2023 followed a slight dip in extortion activities in the previous year. Mandiant researchers suggested that the dip in 2022 might have been an anomaly caused by external factors such as the Russian invasion of Ukraine or the leaked Conti chats, which may have temporarily disrupted cybercriminal operations.
As law enforcement agencies continue to conduct global operations against ransomware gangs, the evolving tactics and persistent nature of these cybercriminals highlight the need for continuous vigilance and enhanced cybersecurity measures. Collaboration among government agencies, cybersecurity firms, and critical infrastructure operators is crucial in building a robust defense against the relentless threat of ransomware.