Akamai Technologies has released a new State of the Internet report that spotlights the proliferation of techniques that lead to successful ransomware attacks. Ransomware on the Move: Evolving Exploitation Techniques and the Active Pursuit of Zero-Days finds that it is a shift from phishing to a rampant abuse of vulnerabilities that is leading to the leap in victim counts.
According to the report, hacker gang CL0P is rising in the EMEA ransomware landscape with an 11x growth spike in Q1 2023. This could be attributed to a zero-day attack on Fortra’s GoAnywhere software in April and CL0P’s exploitation of a variety of zero-day vulnerabilities as a point of entry. The gang’s approach does not have any semblance of a pattern, which makes it very hard to predict their next move as they try to remain under the radar before striking. Although we cannot say definitively what this quarter will ultimately reveal, it is important to note that in June 2023, CL0P published the names of more victim companies in EMEA, so the victim count will likely rise.
The report also finds that the majority of ransomware victims in EMEA are in organizations with reported revenue of up to US$50 million. Smaller companies may have more limited security resources to combat the hazards of ransomware, which makes them more vulnerable and easier to infiltrate. LockBit was responsible for 45% of attacks in EMEA. It accounted for 45.9% of attacks in manufacturing, 45.4% in business services and 45.1% in retail.
The top five critical industries at risk of a ransomware attack in EMEA are manufacturing, business services, retail, construction, and education. This corresponds to the global trend, and is also consistent with the 2022 global ransomware report, in which manufacturing and business services held the top two positions. These industries are at risk because of a prevalence of specialized and legacy operating systems, and an increased attack surface due to a greater number of connected devices and equipment.
“Ransomware continues to be the Achilles’ heel of organizations of all kinds, especially those that don’t have the resources to properly shield themselves from this kind of attack,” said Richard Meeus, Director of Security Technology and Strategy at Akamai. “Businesses should be on high alert that ransomware is indeed on the move and do their best to stop it in its tracks by employing a multilayered approach to cybersecurity, training their employees on social engineering.”