Ransomware remained a scourge in 2023, earning criminals over $1 billion according to blockchain analysis firm Chainalysis. This disturbing milestone reflects ransomware's resurgence as increasingly sophisticated groups retool tactics and exploit new vulnerabilities.
Chainalysis tracked 538 new ransomware variants emerging in 2023, suggesting growing numbers of threat actors entering the arena. Efficient code reuse allowed less technical groups to repurpose proven malware strains under new branding to avoid attribution. Experts believe the potential for huge payouts and relatively low startup costs have attracted more players.
Lucrative vulnerabilities were a major vector. Groups like Cl0p used a zero-day in the ubiquitous MOVEit file transfer tool to hit big game targets like the BBC en masse. They shifted away from simple crypto-locking towards data exfiltration for even greater leverage. One strain alone amassed over $100 million from rich victims in June-July.
But even as major players hunted whales, high-volume commodity ransomware persisted. Groups like Phobos operated "ransomware-as-a-service" models, enabling swarms of smaller affiliates to unleash attacks on less prepared organizations. The sum of many smaller ransoms added up.
Launderers responded nimbly as regulators cracked down on exchanges and mixers. New obfuscation services like cross-chain bridges, instant exchangers, and gambling sites gained prominence. Chainalysis saw shifts in laundering preferences to evade enforcement efforts.
Recovering operations after an attack requires far more than good backups. Firms must understand how to restore full infrastructure like their identity management systems. Incident response plans must be comprehensive and regularly validated through rigorous simulations and tests.
Managed service providers have a critical role to play helping organizations build resilience. They can provide isolated backup environments, recovery automation, secure interim infrastructure, and end-to-end drills. Solo businesses often lack the security depth to sufficiently prepare on their own.
With over $1 billion paid to criminals last year, ransomware remains a potent threat. MSPs can leverage specialized expertise and economies of scale to enhance clients' defensive and recovery capabilities in the face of this global cybercrime challenge. Organizations should prioritize engaging trusted partners to bolster their preparedness.
