Key findings include:
– 70% of respondents believe ransomware is the most significant cybersecurity threat to their organization.
– 60% have experienced a ransomware attack in the past year.
– 80% of organizations have been hit by ransomware at least once.
Ransomware is seen as the biggest cybersecurity threat across every industry, with 75% of organizations affected by ransomware more than once in the past 12 months – a jump from 61% in 2023. Traditional tools and solutions like antivirus and MFA are not infallible. For organizations affected by ransomware in the past year, multi-factor authentication (MFA) bypass via session hijacking is seen as the greatest emerging threat for ransomware, and at least 54% of devices infected with infostealer malware had an antivirus or endpoint detection and response (EDR) solution installed at the time of infection. Despite this, respondents still named MFA as the second-most common countermeasure for malware remediation – demonstrating a need for new strategies.
The company’s analysis is based on a combination of historical data, current trends, and expert insights. SpyCloud’s report highlights several factors contributing to the heightened risk in these sectors. Firstly, the increasing digitization of healthcare records and insurance claims has expanded the attack surface for cybercriminals. With more patient data and financial information stored online, the potential reward for successful attacks has grown significantly. For instance, a breach in a healthcare provider’s system could expose sensitive patient information, leading to identity theft or financial fraud. Secondly, the ongoing shift towards remote work has introduced new vulnerabilities. Many healthcare and insurance organizations have adopted remote work policies to accommodate their employees.
“With ransomware operators increasingly exploiting infostealer-exfiltrated data like session cookies, it’s become clear that traditional defenses are no longer enough,” said Damon Fleury, chief product officer at SpyCloud. “In today’s ransomware-fueled climate, organizations need to shift to an identity-centric approach for malware remediation and ransomware prevention. This means extending protection beyond just devices and directly addressing exposed digital identities. To disrupt the evolving tactics of ransomware attacks before they escalate, step one is knowing the data criminals have already stolen. Step two is quickly remediating compromised credentials and terminating stolen web sessions – including SSO, VPN, and SaaS application access.”
The average ransom demand increased by 15% from the previous year, with the average ransom payment reaching $230,000. The most common ransomware strains were Ryuk, Ragnar Locker, and Conti. Ransomware attacks have become a significant threat to organizations worldwide, with a notable increase in both frequency and severity.
In addition to the paid ransom, the overall cost of a ransomware attack continues to rise with more than 44% of businesses now incurring over $1 million in total costs, up from 39% last year. These expenses can include general disruptions, lost business, reduced productivity, and reputational damage—any of which can wreak havoc on an organization’s bottom line.
Rise of infostealer malware and digital identity exposure creates the perfect storm for ransomware attacks
Cybercriminals have pivoted to next-generation tactics, using information-stealing malware (or “infostealers”) to siphon digital identity data, authentication details, and session cookies from infected users and selling this information to ransomware operators – leaving virtually every respondent (99.8%) concerned about this trend.
The report by Cybersecurity Ventures predicts that by 2025, cybercrime will cost the world $10.5 trillion annually. The rise in cybercrime is attributed to the increasing sophistication of cybercriminals and the growing reliance on digital technologies.
The survey, conducted by Varonis, highlights the challenges organizations face in securing their networks against the threat of unmanaged devices. These devices, which are not directly managed by IT departments, can include anything from IoT devices to personal laptops and smartphones. The lack of visibility into these devices makes it challenging for security teams to identify potential threats and vulnerabilities. One of the key findings of the survey is that organizations struggle to detect and respond to malware infections on unmanaged devices, because these devices are not regularly scanned or monitored by security systems.
In the ever-evolving landscape of cybersecurity, the recent surge in password resets from 64% in 2023 to 55% in the current year underscores a critical area of concern for organizations. This significant increase not only highlights the growing vulnerability of user credentials but also emphasizes the need for a robust strategy to manage and mitigate these risks.
View the entire 2024 Malware and Ransomware Defense Report here.