The ongoing threat posed by ransomware continues to pain organizations. However, new research published by WithSecure (formerly known as F-Secure Business) highlights a potential opportunity to disrupt the cyber crime ecosystem that's exacerbated the problem in recent years.
A new WithSecure threat update found that ransomware was the most prevalent threat type identified in 2021, demonstrating its dominance over other attacks faced by organizations. However, the number of new ransomware families and unique variants researchers discovered in 2021 decreased significantly compared to previous years.
There are several theories that could explain this drop. WithSecure Chief Technology Officer Christine Bejerasco feels that it likely points to threat actors consolidating their efforts, which creates new opportunities to combat the problem.
"If attackers are in fact consolidating their activities around core competencies, that makes the major ransomware-as-a-service providers crucial links in the supply chains of threat actors. And if we can break these links by neutralizing these significant providers, it could very well disrupt the ecosystem and provide some relief for defenders, at least for a little while," explained Bejerasco.
Other significant ransomware developments highlighted by the threat update include:
- Ransomware accounted for nearly 17% of identified threats detected in 2021, making it the year's most prevalent type of threat.
- WannaCry was 2021's most prevalent ransomware family, followed by three ransomware-as-a-service (RaaS) families: GandCrab, REvil, and Phobos.
- Ransomware continued to impact a variety of industries and used multiple methods to penetrate defenses in 2021, making no organization off-limits to these attacks.
While Bejerasco sees room for optimism based on recent observations, she warns that turning the tide against ransomware gangs is complicated. It requires organizations, industries, and countries to embrace a co-security approach to the problem, which can prove challenging.
"Unlike authorities, threat actors can operate across borders with impunity, which gives them an advantage. Defenders need to focus on outcome-based security practices by first understanding the organizational or business outcomes they want and designing cyber security measures to support those outcomes. From there, organizations can identify risks to those outcomes, what digital assets are exposed to those risks, and the potential cyber threats those assets face," she said. "Only then can they design a cyber security strategy that the whole organization can rally behind because it protects and supports what they want to achieve."
More information on outcome-based security is available at https://www.withsecure.com/en/expertise/campaigns/with-or-without.