Ransomware attacks on the rise in 2023, but not their profits
The 'Ransomware Outlook Report in 2023' highlights that ransomware attacks are experiencing a decline in payments made to cybercriminals.
The reasons behind this shift are as revealing as they are encouraging. The report highlights key factors, such as growing awareness of the existence of these attacks, the implementation of cybersecurity measures that go beyond local storage, and the adoption of cyberattack insurance.
But that's not all: ransomware is no longer simply a threat; it has evolved to become as powerful a tool as the dreaded Advanced Persistent Threats (APTs). Moreover, it has been used as a geopolitical weapon in an attempt to destabilize rival economies.
In this article we recall the definitions of these attack types and break down the report's key findings, exploring how cybersecurity strategies are evolving in response to these increasingly sophisticated threats.
What is ransomware?
Ransomware is a type of malicious software (malware) that is used to encrypt files or block access to a computer system or device, such as a computer or cell phone. Once the ransomware has infected the system, it usually displays a ransom message in which the attackers demand a payment (a ransom) in exchange for providing the key or tool needed to unlock the files or restore access to the system.
It is important to note that paying the ransom does not necessarily guarantee file recovery or ransomware removal. In addition, paying the cybercriminals may encourage them to continue their activity.
What is an APT?
An Advanced Persistent Threat (APT) is a set of silent actions carried out in technological systems by cybercriminals with the intention of attacking continuously over time. It is one of the major cyber risks to critical infrastructures, and we must be clear about its characteristics.
Main characteristics of APTs
- Persistence: APTs are designed to remain active in the target environment for a prolonged period of time, often for months or even years. Attackers work diligently to avoid detection and expulsion from the system.
- Sophistication: The actors behind an APT typically have a high degree of technical expertise and resources. They use advanced tools and techniques to infiltrate systems and networks, bypassing traditional security measures.
- Specific targets: Unlike random or opportunity attacks, APTs have specific objectives, such as stealing confidential information, trade secrets, intellectual property or classified government information. Targets can be specific organizations or individuals.
- Stealth: APT attackers strive to go undetected, using evasion techniques such as custom malware or obfuscation. This allows them to avoid detection by conventional security systems.
- Multiple phases: APT attacks are often divided into multiple phases, which may include initial infiltration, lateral movement through the network, data collection and information exfiltration. Each phase is executed in a careful and planned manner.
- Maintaining access: Once a network presence is established, APT attackers work to maintain persistent access, allowing them to continue monitoring and exfiltrating data over time.
José Rosell, our managing partner at S2 Grupo, says that an important takeaway from this study is that cybercriminals know how to invest in the tools that best adapt to change and provide more benefits at lower risk, and in that sense ransomware is proving to be a good investment for them.
Ransomware groups and their effect on geopolitics
The study also addresses the effect of ransomware attacks on the geopolitical arena, where some APT actors are observed using it as a weapon. It is not unreasonable to think that there are APT actors associated with states using this malware to destabilize rival economies.
Since 2021, we have seen an inflection point in which ransomware groups have become almost as relevant as state-funded APT groups and are part of the 'cyberwarfare' context.
The report prepared by the S2 Grupo team also shows that cybercriminals prefer large targets, and that this is accompanied by ransomware attacks on companies with a major impact on the supply chain and the service sector.
Other topics we analyze in relation to ransomware are what has motivated its evolution, the types that exist and notable incidents. We also address the different strategies, techniques and general tactics used by ransomware groups, and we offer an overview of the current state of protection against this malware, with recommendations for this situation and future trends.
"The only way to minimize the impact of this type of threat is to anticipate it, better understand the current panorama and the motivations of the actors behind this type of attack, and deploy effective measures to stop it," says José Rosell, managing partner of S2 Grupo.