Rampant Vulnerability Abuse Leading to 204 Percent Increase in Ransomware Victims

Ransomware groups shift focus to return-on-investment targeting critical industries

Akamai Technologies, Inc., a leading cloud company responsible for enabling and safeguarding online activities, has recently published a fresh edition of its State of the Internet report. This report highlights the dynamic changes within the realm of ransomware. Titled “Ransomware on the Move: Exploitation Techniques and the Active Pursuit of Zero-Days,” the report outlines a significant 204 percent surge in the total count of ransomware victims across the Asia-Pacific and Japan (APJ) region during the period between Q1 2022 and Q1 2023. A major contributing factor to this increase is the utilization of Zero-Day and One-Day vulnerabilities. Interestingly, the study identifies a notable shift in ransomware strategies, with groups increasingly concentrating on pilfering files, specifically sensitive data, as a primary means of extortion. This shift signifies that conventional file backup solutions are no longer sufficient in countering ransomware threats.

Upon closer inspection of the data, it becomes evident that critical infrastructures within the APJ region have become prime targets. The five most vital industries in the APJ region susceptible to ransomware attacks, namely manufacturing, business services, construction, retail, and energy, utilities, and telecommunications, face ongoing risks if cybersecurity standards are not bolstered.

The upswing in ransomware incidents can be attributed to the change in tactics by attackers. They have transitioned from relying on phishing tactics to actively exploiting vulnerabilities, aiming to capitalize on unknown security weaknesses and infiltrate corporate networks for deploying ransomware. Leading this landscape is LockBit, a dominant Ransomware-as-a-Service provider, which is responsible for 51 percent of attacks in APJ between Q3 2021 and Q2 2023. Following LockBit, the ALPHV and CL0P ransomware groups contribute to the majority of attacks.

Key findings from the report, “Ransomware on the Move: Exploitation Techniques and the Active Pursuit of Zero-Days,” include:

  • LockBit stands out as the most prevalent ransomware across various industries in APJ. It accounts for 60 percent of attacks in manufacturing, 55.8 percent in business services, 57.7 percent in construction, 45.8 percent in retail, and 28.6 percent in energy.
  • The CL0P ransomware group is vigorously exploiting zero-day vulnerabilities, such as in MOVEit, which played a role in the surge of ransomware victims in Q1 2023 and ongoing events in June of the same year.
  • Small-to-medium sized enterprises (SMEs) with revenues up to US$50 million constitute the majority of ransomware victims in APJ.
  • An intriguing revelation is that file exfiltration is increasingly used as the primary method of extortion, highlighting the inadequacy of file backup solutions in ransomware protection.
  • Notably, organizations that have experienced multiple ransomware attacks are over six times more likely to face a subsequent attack within three months of the initial incident.

Dean Houari, Director of Security Technology and Strategy at Akamai, emphasized the evolving tactics of ransomware attackers, underlining the need for enhanced collaboration between the private and public sectors across the APJ region to counter these growing threats effectively.

Houari further advises businesses, particularly SMEs in APJ, to adopt a zero-trust architecture, starting with software-defined microsegmentation, as a means to effectively mitigate the continually evolving cyberattacks, including Ransomware-as-a-Service. This approach aims to safeguard critical assets, preserve business reputation, and ensure uninterrupted business operations in the face of diverse attack strategies employed by cybercriminal groups.

For more comprehensive insights, the security community can engage with Akamai’s threat researchers through the Akamai Security Hub and can follow the research team on Twitter at @Akamai_Research.

As for methodology, the ransomware data used for this report was sourced from the leak sites of approximately 90 different ransomware groups. These groups often share details of their attacks, such as timestamps, victim names, and domains. However, the success of these reported attacks was not a focal point of this research. Instead, the study centered on the reported victims. The analysis counted unique victims within each category and combined this data with information from ZoomInfo to provide additional context about victims’ location, revenue range, and industry. All data was collected over a 20-month period from October 1, 2021, to May 31, 2023.

In a landscape where the digital realm intertwines with every aspect of our lives, Akamai Technologies, Inc. emerges as a steadfast protector against the ever-evolving specter of ransomware. As revealed in their comprehensive report, “Ransomware on the Move: Exploitation Techniques and the Active Pursuit of Zero-Days,” the threats are not only growing but also morphing in ways that demand our constant vigilance. The report’s insights underscore the pressing need for organizations to adapt, fortify, and collaborate to fend off these increasingly sophisticated attacks. As technology advances, so does the dark side of its potential. Akamai’s report serves as a stark reminder of the imperative to stay ahead in this digital arms race, fortifying our defenses to ensure the safety of our data, the stability of our systems, and the resilience of our interconnected world.