Ransomware’s Real Goals are Exploit Internet Facing Apps, Mine Intellectual Property, Grab Sensitive Info
The majority of ransomware attacks in 2022 were intended to unearth personal data, mine intellectual property and grab other sensitive information rather than financial extortion or data encryption, cybersecurity provider Kaspersky said in a new report.
Attack Vectors Identified
Most attacks started off as exploiting public facing applications (43%), data from compromised user accounts (24%) and malicious emails (12%). The ultimate goal was to snatch information the cyber crews could leverage into bigger and more lucrative scores.
The report also revealed that the longest-running ransomware attacks began with the exploitation of public-facing applications, with just over 2% of them lasting for a year and more.
According to the IT Security Economics report, more than 40% of companies faced at least one ransomware attack in 2022. Small and medium-sized businesses (SMBs) spent an average of $6,500 to recover while enterprises forked out $98,000 to heal the damages.
How to Protect Against Ransomware Threats
To protect businesses from possible ransomware threats, Kaspersky recommends:
- Make regular system backups and, if possible, keep saved data on devices not connected to the corporate IT network. That will keep information safe if the entire network is compromised.
- Run an update on OS or business software to provide critical security updates, as well as features that may make the work easier.
- Use strong passwords to access corporate services and multi-factor authentication to access remote services.
- Talk to employees about the variety of cybersecurity threats they might encounter outlining potential threats such as phishing emails, shady websites, or software downloaded from unofficial sources. Consider interactive training and tests to ensure staff remain vigilant.
- Optimize the use of cybersecurity tools by implementing eXtended detection and response solutions that collect telemetry from various data sources, including endpoint, network and cloud data, to offer a comprehensive security outlook, as well as promptly detect and automated respond to existing threats.
Konstantin Sapronov, head of the Global Emergency Response team at Kaspersky, emphasized that businesses must enact additional measures to remain safe from ransomware attacks:
“Continuing security issues with passwords, software vulnerabilities and social engineering become initial access vectors for attackers and provides endless ways to perpetrate ransomware activities. To minimize the potential for such activities, it’s important for businesses to set up and control a password policy, patch management, raise employee awareness and take regular anti-phishing measures.”