The number of cyberattacks using ransomware increased by 50-60% in January-May

The number of cyberattacks using ransomware in January-May increased by 50-60% compared to the same period last year. Moreover, the hackers changed their goals: if at the beginning of the year the attacks of the so-called encryption viruses were aimed at small and medium-sized businesses, now they are at large companies from the retail and construction sectors, and vulnerabilities in remote access services are used to infect devices.

The number of hacker attacks on Russian companies using ransomware viruses (encrypting files on devices, after which extortionists require payment to return to normal operation) has been growing since the beginning of the year. According to the results of the first quarter of 2023, growth amounted to 77% in annual terms, analysts at Positive Technologies calculated. The trend is confirmed by FAC.C.T. (former Group-IB). According to this company, the number of such attacks from January to May 2023 increased by 50-60% compared to the same period last year.

Attackers are starting to increase the amount of extorted funds and have begun to attack large businesses more often, Positive Technologies noted. At the beginning of the year, according to cybersecurity experts, ransomware attacks most often targeted small and medium-sized businesses (see Kommersant on March 1). Now retailers, manufacturing, construction, travel and insurance companies most often become victims of ransomware, and the average ransom amount ranges from $10,000 to $100,000, according to FAC.С.T.

“Also, new players are entering this criminal market. Of the old and large groups, Conti, Hive, Yanluowang, BlackMatter, REvil have gone into the shadows – almost all of them because of the persecution by law enforcement agencies, ”says Fyodor Chunizhekov, an analyst at the Positive Technologies research group. BlackCat, LockBit, BlackBasta and Royal ransomware groups are showing increased activity.

The most popular method of infiltrating corporate networks has become the compromise of remote access services and, above all, penetration through the Remote Desktop Protocol (RDP). Also, attackers actively exploit vulnerabilities in external services of organizations and phishing mailings.

Ransomware is popular with hackers due to the relative simplicity of the scheme: companies must respond quickly to remove locks, and the “ransom” is transferred to a crypto wallet, which complicates the possibility of identifying attackers, Informzashita explains.

At the moment, there is no 100% guarantee against encryption viruses, including because any virus is modified and developed, explains Zecurion Deputy CEO Alexander Kovalev. In addition, regardless of the installed protection, monitoring tools in the company, etc., email remains the most popular distribution channel for malware, including ransomware. “And here we are talking about the human factor: you need to constantly work with the staff, and this is not always done,” the expert concludes.

Tatyana Isakova