Executive Reveals 5 Key Ransomware Takeaways from 2023
Solutions Review’s Contributed Content Series is a collection of contributed articles written by thought leaders in enterprise tech. In this feature, Index Engines’ VP of Strategic Partnerships Jim McGann offers his key ransomware takeaways from the last year.
As we look back on all that we learned in 2023, we need to ask ourselves, did we not learn anything from 2022?
It’s abundantly clear that ransomware, far from fading into obscurity, remained a formidable threat to organizations worldwide, one most organizations were still not prepared for. This year brought about a rollercoaster ride of ransomware incidents, each leaving its own indelible mark on the cybersecurity landscape.
In this article, we delve into the top five things we have – hopefully – finally learned about ransomware in 2023, shedding light on the evolving tactics employed by cybercriminals, the shifting dynamics in the cyber insurance industry, and the pressing need for a robust recovery strategy.
The lessons learned in 2023 will serve as an example and proof of concept for the cyber resilience landscape of the future.
It Was Never Going Anywhere
Admittedly, ransomware got off to a slow start in 2023. There was a short-lived decline in Q1 that gave many the sense that the worst of the years-long ransomware attack was behind us, and CISOs around the world rejoiced for a brief moment. Then ransomware surged by 74 percent in Q2, and we went on to see some of the most headline-grabbing attacks yet. It took a 10-minute phone call to cause over $100 million in ransomware damage to The MGM Grand, and Clorox’s attack cost over $25M and made everything from cat litter to cleaning supplies scarce.
Slow and Steady Corruption
If ransomware had a theme in 2023, it was “The Tortoise and the Hare.” But unlike Aesop’s Fable, it wasn’t about a race. The finish line here was corporate data, and instead of quick and debilitating attacks, slow and steady corruption was the winner. Subtle changes (like intermittent encryption) over large amounts of data often avoided detection. While dwell time was less than a day in about 50 percent of attacks, others languished for months. Both strategies increased ransom demands.
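To illustrate why intermittent encryption can slip past a coarse check, the following added example (not from the article or from any vendor product) compares whole-file entropy with per-chunk entropy across two versions of a file. The chunk size, the threshold, the function names and the sample data are all assumptions made for the illustration.

```python
import math
import random
from collections import Counter

CHUNK = 4096      # analysis window in bytes (assumed value)
THRESHOLD = 7.5   # bits/byte above which a chunk looks encrypted (assumed value)

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 (constant) to 8.0 (uniform)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def chunk_entropies(data: bytes, size: int = CHUNK) -> list:
    """Entropy of each fixed-size chunk, in file order."""
    return [shannon_entropy(data[i:i + size]) for i in range(0, len(data), size)]

def high_entropy_fraction(data: bytes) -> float:
    """Share of chunks whose entropy exceeds THRESHOLD."""
    ents = chunk_entropies(data)
    return sum(e > THRESHOLD for e in ents) / len(ents) if ents else 0.0

def newly_high_chunks(before: bytes, after: bytes) -> list:
    """Chunk indexes that were low entropy in `before` and high in `after`."""
    pairs = zip(chunk_entropies(before), chunk_entropies(after))
    return [i for i, (b, a) in enumerate(pairs) if b <= THRESHOLD < a]

def build_samples(chunks: int = 64, step: int = 4):
    """Constructed data: a log-like file and a copy with every `step`-th
    chunk replaced by random bytes, standing in for ciphertext."""
    rng = random.Random(2023)
    line = b"2023-11-02 10:15:00 INFO backup job completed for volume data01\n"
    clean = (line * (chunks * CHUNK // len(line) + 1))[:chunks * CHUNK]
    tampered = bytearray(clean)
    for i in range(0, chunks, step):
        tampered[i * CHUNK:(i + 1) * CHUNK] = bytes(rng.getrandbits(8) for _ in range(CHUNK))
    return clean, bytes(tampered)

if __name__ == "__main__":
    clean, tampered = build_samples()
    print("whole-file entropy:", round(shannon_entropy(tampered), 2))
    print("high-entropy chunk share:", high_entropy_fraction(tampered))
    print("changed chunks:", newly_high_chunks(clean, tampered))
```

On the constructed sample, the whole-file figure stays under the threshold even though a quarter of the file has been replaced, while the chunk-level comparison between versions pinpoints every altered region.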
Ransomware by Any Other Name
Ransomware gangs are disbanding and rebranding and even offering ransomware as a service for those less technically inclined. They’re giving their ransomware new names and unique signatures, but when you look at what the ransomware does to data, they all tend to corrupt data in the same way: encryption to transform the data into a format that is unreadable, changing the file extensions of encrypted files to make it clear which files have been affected by the ransomware, and system changes such as disabling certain security features or blocking access to system tools.
Cyber Insurance Rates are Becoming Unaffordable
Cyber insurance costs have been on a sharp rise, and insurers are becoming more selective about the types of attacks they are willing to cover. In 2022, insurance rates saw a significant 50 percent increase, following a substantial 73 percent surge in 2021. The ransomware crisis has propelled the cyber insurance industry to a value of $7.2 billion. However, the cyber insurance industry is grappling with the financial strain caused by increasing ransom payouts, and premiums are continuing to rise with some high-risk business sectors being denied coverage.
Cyber & Storage Need to Meet
Downtime has reached months after some attacks. This has crippled businesses, even shuttered hospitals. Too many organizations focus solely on preventing the attack, not recovering or validating their network and backup data. In 2021, we preached that disaster recovery is not the same as cyber recovery, and organizations need a cyber recovery plan. Yet two years later, Johnson Controls proved us right and showed backups are not going to save you.
Organizations need to be able to detect signs of a ransomware attack and recover confidently with clean data. This can be achieved by breaking down the separation between cyber security and data storage and applying cyber analytics on storage platforms, providing earlier detection and a path to recovery.