Kaspersky Analysis on evolving ransomware trends in 2023

Kaspersky Analysis on evolving ransomware trends in 2024


In 2024, Kaspersky analysts have outlined three significant trends in the ransomware threat landscape. The report is an attempt to raise awareness about ransomware on Anti-ransomware Day.

First trend

The first trend is that various ransomware groups are building more functionality into their malware, such as self-spreading capabilities or an imitation of them. Notable examples include Black Basta, LockBit, and Play, ransomware strains capable of spreading autonomously.

Second trend

The second emerging trend is exploiting drivers for malicious purposes, an old but effective technique. Some ransomware families like AvosLocker and Cuba have targeted antivirus (AV) driver vulnerabilities. Interestingly, even the gaming industry has experienced this type of attack. For instance, the Genshin Impact anti-cheat driver was manipulated to disable endpoint protection on targeted machines. This trend has also affected high-profile victims like government institutions in European countries.


Third trend

Lastly, Kaspersky experts highlight how major ransomware groups are incorporating capabilities from leaked or commercially available code, enhancing the functionality of their malware. The LockBit group, for example, recently integrated at least 25 percent of the leaked Conti code into their ransomware, resulting in an entirely new version.

These initiatives provide affiliates with familiar tools and features, improving their effectiveness in working with ransomware families they are accustomed to. Organizations need to consider these developments when formulating their defense strategies.

Anti-Ransomware Day: 12th May 2024

On Anti-Ransomware Day, which falls on May 12, Kaspersky urges organizations to adhere to the following recommended practices to protect their systems against ransomware:

  • Ensure that all devices you use are consistently updated with the latest software versions to prevent attackers from exploiting vulnerabilities and gaining unauthorized access to your network.
  • Prioritize your defense strategy to include detecting lateral movements and data exfiltration to the internet. Vigilantly monitor outgoing network traffic to identify any suspicious connections cyber criminals make. Establish offline backups that cannot be tampered with, ensuring quick accessibility during emergencies.
  • Activate ransomware protection for all endpoints. Kaspersky offers a complimentary Anti-Ransomware Tool for Businesses, which shields computers and servers from ransomware and various malware types. It also provides exploit prevention and is compatible with existing security solutions.
  • Deploy anti-APT (Advanced Persistent Threat) and EDR (Endpoint Detection and Response) solutions that enable advanced threat detection, investigation, and prompt incident remediation. 
  • Equip your Security Operations Center (SOC) team with up-to-date threat intelligence and regularly enhance their skills through professional training. 

All of these measures are available through the Kaspersky Expert Security framework.

Retrospectively

Ransomware has existed for numerous years, evolving into a cybercriminal enterprise. Threat actors have experimented with new methods and procedures, with successful approaches persisting while unsuccessful ones have been forgotten. At present, ransomware can be considered a mature industry, and we do not anticipate any groundbreaking discoveries or transformative developments in the near future.

Ransomware groups will continue to expand their reach by targeting additional platforms. Although attacks on ESXi and Linux servers have become common, prominent ransomware groups are striving to target more media that may contain crucial data.

The solution is prevention and vigilance. So be wary and avoid ransomware!

Author: PureVPN

Date: January 1, 2024

