Ransomware attacks continue to rise worldwide recording a 30% increase in 2023 compared to 2022, according to a new report by cybersecurity company, Kaspersky.

This is one of the highlights of the latest “State of Ransomware Report 2024” by cybersecurity firm Kaspersky, released just ahead of International Anti-Ransomware Day on May 12.

The report also revealed that one-third of all cyberattacks in 2023 involved ransomware, a form of malware that encrypts a victim’s data and demands a ransom payment for decryption.

Kaspersky’s data shows a 30% increase in ransomware groups globally compared to 2022, with a corresponding 71% increase in the number of victims they have targeted. Unlike random attacks, these groups focus on high-value targets like government agencies, major corporations, and specific individuals within companies.

Ransomware: How do the attacks occur?

The ransomware is usually distributed as the Ransomware-as-a-Service model. This operates similarly to the Software-as-a-Service model, with the key difference being its illegal operation on the dark web. The RaaS model consists of its operators (Ransomware developers) and affiliates (hackers who purchase these RaaS kits).

According to Kaspersky, these smaller groups or affiliates get access to the ransomware for a subscription fee or a portion of the ransom. These kits make it easier for even less technical criminals to launch ransomware attacks.

Popular ransomware strains

Kaspersky also identified the most prevalent ransomware strains of 2023. Lockbit 3.0 topped the list, followed by BlackCat/ALPHV until a law enforcement operation disrupted its activities in December. BlackCat, however, has already rebounded and “unseized” some of its sites. Cl0p rounded out the top three, responsible for compromising a managed file transfer system and impacting over 2,500 organisations by the end of 2023.

“As ransomware-as-a-service proliferates and cybercriminals execute increasingly sophisticated assaults, the threat to cybersecurity becomes more acute. Ransomware strikes persist as a formidable menace, infiltrating critical sectors and preying on small businesses indiscriminately,” Dmitry Galov, Head of Research Centre at Kaspersky said.

To combat this pervasive threat, Galov explained that “it’s imperative for individuals and organisations to fortify their defences with robust cybersecurity measures. Deploying solutions such as Kaspersky Endpoint Security and embracing Managed Detection and Response (MDR) capabilities are pivotal steps in safeguarding against evolving ransomware threats.”

Tips to check ransomware

To mitigate this challenge, Kaspersky has offered the following recommendations to help organisations protect themselves from ransomware attacks:

– Keeping software up to date on all devices to “prevent attackers from exploiting vulnerabilities and infiltrating your network.”

– Implementing security measures to detect suspicious activity on networks, “Set up offline backups that intruders cannot tamper with. Make sure you can access them quickly when needed or in an emergency.”

– Installing anti-APT (Advanced Persistent Threat) or Endpoint Detection and Response (EDR) solutions to improve ransomware protection capabilities.

– Providing security teams with access to up-to-date threat intelligence.