Understanding the Ransomware Wave of 2023

Originally published by Skyhigh Security on December 8, 2023.

Written by Nick Graham, Solution Architect, Public Sector, Skyhigh Security.

As we near the end of 2023, Skyhigh Security has observed a concerning surge in ransomware attacks that have significantly reshaped the cybersecurity landscape. This year has been a challenging one for businesses worldwide, highlighting the critical role of advanced security solutions in combating these threats.

What Have We Seen in the Past?

In both 2021 and 2022, we saw an increase in supply chain attacks. Instead of targeting a single entity, attackers have expanded their reach through supply chain attacks. The 2021 Kaseya attack, which impacted over 1,500 of its managed service provider customers, serves as a prime example. We saw a rise in the tactic of double extortion. Traditionally, ransomware involved encrypting data and demanding a ransom for decryption. However, with double extortion, attackers exfiltrate the data, threatening to leak it publicly if the ransom isn’t paid.

Analysis of Ransomware Trends

• Supply Chain Vulnerabilities: This year, we witnessed a shift in attack strategies, notably in supply chain attacks. The Kaseya incident in 2021 was a precursor to the more sophisticated attacks we’ve seen this year.
• Double Extortion Techniques: Our team observed an increase in double extortion tactics, where attackers not only encrypt data but also threaten its public release.
• Ransomware as a Service (RaaS): A notable trend in 2023 was the proliferation of RaaS, simplifying the execution of ransomware attacks for cybercriminals.
• Exploitation of Unpatched Systems: Many attacks targeted known vulnerabilities, emphasizing the importance of regular system updates and patch management.
• Phishing as a Gateway: Phishing remained a primary vector for ransomware, underscoring the need for ongoing employee awareness training.

A Record-Breaking September

Skyhigh Security’s global telemetry data indicates a peak in ransomware activity in September, with over 500 attacks recorded. This highlights the need for enhanced cybersecurity vigilance. This spike was heavily influenced by the Clop’s Fortra GoAnywhere data theft attacks. The rapid escalation of such attacks emphasizes the critical need for organizations to enhance their cybersecurity measures.

The Financial Implications

According to the Verizon Data Breach Investigations Report, ransomware was involved in 25% of all breaches in 2022. Research by Chainanalysis also found that ransomware attackers extorted at least $456.8 million this same year, signaling the substantial economic impact of these attacks.

Focus on the Octo Tempest Extortion Group

• Origin and Evolution: Initially known for SIM swap attacks, this group evolved into a formidable force in data extortion by mid-2023.
• Sophisticated Tactics: Our research reveals their use of advanced social engineering, SMS phishing, and extensive reconnaissance in their attacks.
• Tools and Collaboration: Their collaboration with Russian entities and use of sophisticated tools like PingCastle and ADRecon indicate a high level of operational sophistication.