The Latest 2023 Ransomware Attacks, Variants, Tactics And More – And How To Stay Protected
Introduction: a new generation of ransomware and the implications
Ransomware is constantly evolving, testing the defenses of organizations of all sizes, across the world.
We’ll provide you with information on the latest attack trends, ransomware variants, ransomware tactics, ransomware statistics, and more.
Plus, read on to see the best way to ensure you’re protected against these latest threats.
Dan Lohrmann, writing in Government Technology, recounts questions he’s constantly asked: “Was that major cyber incident a ransomware attack, a data breach or both? How many records were impacted? Did personally identifiable information (PII) get compromised? How long were they down? When was the business able to fully restore their operations? What did the incident cost?”
These questions are central to understanding the updated tactics of a new breed of ransomware.
Let’s break these down:
1. Was that major cyber incident a ransomware attack, a data breach or both?
Most likely it was both. If a ransomware gang has enough access to encrypt your files, it has every incentive to exfiltrate them first and sell or leak them as well: it can double its profit by collecting the ransom and selling your information. This double extortion, encryption plus data leakage, is an increasing trend in the latest ransomware attacks.
2. How many records were impacted? Did personally identifiable information (PII) get compromised?
These questions show how little information is usually available to organizations that have been attacked. That uncertainty has very real implications: insurers will want to know what was leaked, regulators will need details (and in many instances will assume everything was leaked if you cannot prove otherwise, with significant consequences), and of course customers need to know which of their data is no longer private.
3. How long were they down? When was the business able to fully restore their operations? What did the incident cost?
These questions indicate the massive cost of a successful ransomware attack, and how critical it is to ensure that your most sensitive data is protected in order to avoid the consequences of such an attack. For many businesses, the question around a ransomware attack is not “if” but “when”, and when it happens, you need to make sure you’re prepared.
How to stay safe
Before we look at the latest attacks, gangs, and variants, it’s important to understand how to be prepared against the next attack with your name on it.
Your defense starts and ends with ITsMine:
In short, ITsMine, a Gartner Cool Vendor in Data Security 2023, is on a mission to combat the latest ransomware threats, like LockBit, ALPHV (BlackCat) and Cl0p.
The ITsMine platform goes beyond detection, actively identifying leaked files before they’re encrypted, and issues real-time alerts that a file was opened and accessed outside company boundaries.
It provides crucial insights to SRM professionals including the full list of leaked files, and gives them the power to eliminate these compromised files, even once the attacker has hold of them.
ITsMine is agentless and very easy to implement (in less than a day), does not require additional headcount thanks to the AI and deception techniques it uses, has built-in automatic reaction for both internal and external threats, and can turn any folder into the most secure folder in the organization, whether on premises or in the cloud.
ITsMine answers all the questions posed at the beginning of this article:
“Was that major cyber incident a ransomware attack, a data breach or both? How many records were impacted? Did personally identifiable information (PII) get compromised? How long were they down? When was the business able to fully restore their operations? What did the incident cost?”
ITsMine’s Managed Data Protection (MDP) solution keeps the security team in control at all times, so they know exactly what happened in an attack and which files were affected. This includes:
- Real-time alerts when an attacker uses forbidden files outside the company
- An exact list of which files were leaked
- Remote kill of sensitive files, even after they are far beyond company boundaries
Looking at the latest ransomware attacks – and these are just the public ones – we see an increase in scope and severity. The UK’s IT Governance site summarizes these latest attacks:
1. UK Electoral Commission
On 8 August, the Electoral Commission issued a public notification of what it called a “complex cyber-attack” in which “hostile actors” gained access to the UK’s electoral registers, which contain an estimated 40 million people’s personal information.
2. Pôle Emploi
The fallout from May’s MOVEit breach, which saw the Russian Cl0p gang exploit a zero-day SQL injection vulnerability in Progress Software’s popular file transfer app MOVEit Transfer, continues.
This month, the French employment service, Pôle Emploi, has the dubious honor of having the most breached records thanks to the MOVEit breach (10 million).
3. University of Minnesota
The University of Minnesota has verified that an attacker has accessed its systems and exfiltrated personal data.
4. Tigo
Reports emerged in July that the video chat platform Tigo leaked more than 700,000 people’s personal data online.
5. Indonesian Immigration Directorate General
More than 34 million Indonesians had their passport data leaked after a hacker gained unauthorized access to the country’s Immigration Directorate General at the Ministry of Law and Human Rights.
6. Teachers Insurance and Annuity Association of America
July saw the TIAA (Teachers Insurance and Annuity Association of America) become the latest in a long line of organizations to confirm that it had been affected by the MOVEit vulnerability.
Latest ransomware tactics
There have been a few new tactics introduced of late. Some of these include:
1. LockBit code leaked
LockBit’s builder source code has been leaked online, and other actors are now using it to produce their own payloads, setting off a whole new storm of ransomware. For example, “researchers analyzed 396 samples of recent attacks attributed to LockBit and found that 77 of the 396 samples did not include any reference to LockBit in the ransom note, something the gang typically has in their attacks.” The practical consequence is that the ransom note is no longer a reliable guide to who is attacking you, or to which playbook and decryptor apply; detection and response have to key on behaviour, such as the encryption routine and the lateral-movement tooling, rather than on branding. This means more havoc ahead for organizations.
2. New BlackCat ransomware variant
Per The Hacker News, “Microsoft on Thursday disclosed that it found a new version of the BlackCat ransomware (aka ALPHV and Noberus) that embeds tools like Impacket and RemCom to facilitate lateral movement and remote code execution.” Worryingly, and as we observed previously, the article notes that “Some groups have also begun moving away from encryption to pure exfiltration and ransom or, alternatively, resorting to triple extortion, in which the attacks go beyond data encryption and theft to blackmail a victim’s employees or customers and carry out DDoS attacks to put more pressure.”
The report continues, saying “The increasing popularity of Encryptionless Extortion attacks, which skips over the process of encryption, employs the same tactic of threatening to leak victims’ data online if they don’t pay…This tactic results in faster and larger profits for ransomware gangs by eliminating software development cycles and decryption support.
“These attacks are also harder to detect and receive less attention from the authorities because they do not lock key files and systems or cause the downtime associated with recovery. Therefore, Encryptionless Extortion attacks tend to not disrupt their victims’ business operations – which subsequently results in lower reporting rates.” For defenders, the consequence is that an extortion attempt may never trigger the signals most ransomware controls rely on, such as mass file encryption or ransom notes on endpoints; the data leaving the network is the event that has to be caught.
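One concrete thing a defender can do with the detail in the BlackCat report above is to watch for the artefacts the embedded tools leave behind. The Python script below is an added illustration, not code from the original article, from ITsMine, or from Microsoft: it scans Windows event log lines (service installs, event ID 7045, and process creation with command-line auditing, event ID 4688) for the default service names and command-line idioms of RemCom and Impacket’s psexec, smbexec and wmiexec modules. The simplified log format, the host names and the log contents are constructed for the example; the indicator strings are those tools’ default artefacts, which an attacker can rename, so the rules are a starting point rather than a complete signature set, and the psexec rule in particular is a shape-based heuristic that assumes current Impacket defaults.

```python
"""Flag the lateral-movement tooling named in the BlackCat report (Impacket
psexec/smbexec/wmiexec and RemCom) in Windows event log lines.

Added example, not code from the article, ITsMine, or Microsoft. Log lines
are constructed in a simplified "EventID=... | Field: value" form; the
indicators are the tools' default artefacts and can be renamed by an attacker.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    host: str
    event_id: int
    tool: str
    reason: str


# (event ID the rule applies to, pattern, tool, explanation).
# 7045 = "A service was installed in the system"; 4688 = process creation,
# which only carries the command line if command-line auditing is enabled.
INDICATORS = [
    (7045, re.compile(r"Service Name:\s*RemComSvc\b", re.I),
     "RemCom", "RemComSvc service installed (RemCom's default service name)"),
    (7045, re.compile(r"Service Name:\s*BTOBTO\b", re.I),
     "Impacket smbexec", "BTOBTO service installed (smbexec.py default)"),
    (7045, re.compile(r"%COMSPEC%\s+/Q\s+/c\s+echo\s+.+?\^>\s*\\\\127\.0\.0\.1\\C\$\\__output", re.I),
     "Impacket smbexec", "service command echoes its output to \\\\127.0.0.1\\C$\\__output"),
    # psexec.py uses a random 4-letter service name and a random 8-letter
    # binary in %systemroot% (assumption: current Impacket defaults); this
    # shape-based rule is a heuristic and needs tuning for false positives.
    (7045, re.compile(r"Service Name:\s*[A-Za-z]{4}\s*\|.*Service File Name:\s*%systemroot%\\[A-Za-z]{8}\.exe", re.I),
     "Impacket psexec", "random 4-letter service name pointing at a random 8-letter binary"),
    (4688, re.compile(r"cmd\.exe\s+/Q\s+/c\s+.+?\s+1>\s*\\\\127\.0\.0\.1\\(?:ADMIN|C)\$\\__\d+", re.I),
     "Impacket wmiexec", "cmd /Q /c ... 1> \\\\127.0.0.1\\ADMIN$\\__<timestamp> output redirect"),
]

EVENT_ID = re.compile(r"EventID=(\d+)")
HOST = re.compile(r"Host=([\w.-]+)")


def scan_line(line: str) -> list[Finding]:
    """Return every indicator that matches one log line (possibly several)."""
    eid_match = EVENT_ID.search(line)
    if not eid_match:
        return []  # not an event record in the expected form; skip it
    eid = int(eid_match.group(1))
    host_match = HOST.search(line)
    host = host_match.group(1) if host_match else "unknown"
    return [Finding(host, eid, tool, reason)
            for rule_eid, pattern, tool, reason in INDICATORS
            if rule_eid == eid and pattern.search(line)]


def scan(lines) -> list[Finding]:
    """Scan a sequence of log lines and collect all findings in order."""
    return [f for line in lines for f in scan_line(line)]


def summarize(lines) -> dict[str, list[str]]:
    """Map each host with at least one hit to the sorted set of tools seen."""
    by_host: dict[str, set[str]] = {}
    for f in scan(lines):
        by_host.setdefault(f.host, set()).add(f.tool)
    return {host: sorted(tools) for host, tools in by_host.items()}


# Constructed sample log: three hosts, two of them with tool activity,
# one (APP02) with only benign service and process events.
SAMPLE_LOG = [
    r"EventID=7045 | Host=FS01 | Service Name: RemComSvc | Service File Name: %SystemRoot%\RemComSvc.exe | Service Type: user mode service",
    r"EventID=7045 | Host=FS01 | Service Name: BTOBTO | Service File Name: %COMSPEC% /Q /c echo cd ^> \\127.0.0.1\C$\__output 2^>^&1 > %TEMP%\execute.bat & %COMSPEC% /Q /c %TEMP%\execute.bat & del %TEMP%\execute.bat",
    r"EventID=4688 | Host=FS01 | New Process Name: C:\Windows\System32\cmd.exe | Process Command Line: cmd.exe /Q /c whoami 1> \\127.0.0.1\ADMIN$\__1692345678.12 2>&1",
    r"EventID=7045 | Host=DC01 | Service Name: qWxZ | Service File Name: %systemroot%\KjHgFdSa.exe | Service Type: user mode service",
    r"EventID=7045 | Host=APP02 | Service Name: Backup Agent | Service File Name: C:\Program Files\Backup\agent.exe | Service Type: user mode service",
    r"EventID=4688 | Host=APP02 | New Process Name: C:\Windows\System32\cmd.exe | Process Command Line: cmd.exe /c dir",
]

if __name__ == "__main__":
    for host, tools in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{host}: {', '.join(tools)}")
```

Run as-is it prints a per-host summary of the tools seen (FS01 shows smbexec, wmiexec and RemCom; DC01 shows the psexec-shaped service install; APP02 is silent). In practice the SAMPLE_LOG list would be replaced by lines pulled from the event forwarder or SIEM, and a hit should be correlated with the source of the SMB or WMI session that created the service or process rather than acted on in isolation.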
Conclusion: attacks are changing, your defense should too
With this increase in ransomware attacks, and the dangers around data leakage, you need to implement a purpose-built solution to mitigate the ransomware threat and ensure you’ve done your best to keep your organization protected.
Stay vigilant, stay informed, and stay safe.