The Evolving Face of Ransomware: Navigating the Threat Landscape

Ransomware attacks are spreading beyond IT systems in critical infrastructure. Bad actors are using extortion techniques that expose private data, take down networks, and extend the threat to third parties. Solutions providers must be able to forge a multifaceted defense. Get the latest MIT Technology Insights report and learn how to build a zero-trust data protection framework. 

  • January 30, 2024 | Author: Melanie McMullen
Learn More about this topic

Article Key

As global uncertainties persist and remote work becomes the norm, ransomware attacks have not only surged but also evolved into sophisticated forms of extortion. With cybercriminals adopting a franchise model and targeting critical infrastructure, solution providers and organizations everywhere must stay vigilant to combat these escalating threats from bad actors all around the globe. 

Traditional ransomware tactics persist, but cybercriminals have elevated their game by exploiting global uncertainty. "Double extortion" attacks, where threat actors block access to data and simultaneously threaten to release or sell it, have become commonplace. 

The menace doesn't stop there. "Triple extortion" and "quadruple extortion" attacks, involving distributed denial of service (DDoS) threats or targeting third parties, have emerged as new threats on the horizon, as highlighted by Alexander Applegate of cybersecurity firm ZeroFox, in the latest MIT Insights Report.

Setting Off the Alarms

Alarming statistics underscore the severity of these ransomware attacks. A recent Sophos survey revealed that 66 percent of companies experienced ransomware attacks in the last year.

Meanwhile, a report from Enterprise Strategy Group (ESG) indicated an even higher number— 79 percent—of organizations have been affected. Analysts at ESG also noted that the 21 percent who claimed no attacks may also be at risk, suggesting that dormant threats may be lurking in their systems.

Amplifying Attacks: Ransomware-as-a-Service

The consequences of ransomware attacks are escalating. The cybercriminals' demands have surged, successful intrusions compromise multiple data streams, and attacks extend beyond IT systems to critical infrastructure. A concerning trend is the rise of ransomware-as-a-service, where cybercriminals sell ransomware kits to others, amplifying the scale and impact of attacks.

“When ransomware started, it was a small business picking on users who weren’t sophisticated and who would probably pay a couple of hundred dollars to get their data back,” says Hu Yoshida, Chief Technology Officer at Hitachi Vantara. “But now the game has changed dramatically.”

As the threat landscape evolves, solution providers and organizations must adapt and fortify defenses to counter these increasingly sophisticated and pervasive ransomware threats. To help you prepare a defense, Hitachi Vantara and MIT Technology Review have teamed up for an Insights Report. This blueprint outlines how to build a strong, multifaceted ransomware protection and recovery approach that incorporates a zero-trust security framework, organization readiness, and modern data protection techniques.  

Download the free Hitachi Vantara and MIT Technology Review Insights report, “Cyber resilience melds data security and protection.” 

 

Image Credit: Hitachi Vantara / MIT Technology Review

 

 

Related Content