Ransomware: Attacks Continue to Rise as Operators Adapt to Disruption


Summary:

Despite a decrease in the number of publicly claimed ransomware attacks, ransomware activity remains a significant threat, with attackers adapting to disruption and refining their tactics. Vulnerability exploitation has emerged as the primary infection vector, with attackers targeting known vulnerabilities in public-facing applications. LockBit, Noberus, and Clop are among the most prolific ransomware operations, with LockBit being the largest threat, followed by Noberus and Clop. Tools deployed by ransomware actors continue to evolve, with an increase in dual-use tools and techniques such as BYOVD. Recent techniques employed by ransomware actors include credential dumping using Esentutl and extracting sensitive user credentials using DPAPI.

Security Officer Comments:
The data indicates a concerning trend in ransomware activity, with attackers leveraging vulnerability exploitation and evolving tooling to maximize their impact. The discrepancies between publicly claimed attacks and those investigated by Symantec suggest variations in success rates among ransomware operations. The persistence and adaptability of ransomware attackers pose ongoing challenges for organizations, highlighting the need for robust cybersecurity measures to mitigate the threat effectively.

Suggested Corrections:
To mitigate the risk of ransomware attacks, organizations should prioritize patching known vulnerabilities in public-facing applications, such as ZOHO ManageEngine and Microsoft Exchange Server. Additionally, implementing robust endpoint security measures and monitoring for suspicious activities can help detect and prevent ransomware infections. Regular employee training on recognizing phishing attempts and practicing good cybersecurity hygiene is essential to reduce the likelihood of successful ransomware attacks. Furthermore, organizations should consider implementing data backup and recovery procedures to minimize the impact of ransomware incidents and ensure business continuity.

Link(s):
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/ransomware-attacks-exploits