To exert more pressure on their victims, the attackers behind LockBit have started reaching out to the victim’s customers, informing them about the incident, and employing triple extortion tactics with the inclusion of distributed denial-of-service (DDoS) attacks, Akamai found.
Ransomware groups prioritize file exfiltration
Ransomware groups are increasingly targeting the exfiltration of files – the primary source of extortion – as seen with the recent exploitation of GoAnywhere and MOVEit. Attackers try to maximize their damage while minimizing and modernizing their efforts, employing many different extortion tactics to intimidate their victims into paying the ransom demands. Attackers are finding more success in data theft extortion than in just encrypting their intended target’s files, the report read. This underscores the fact that file backup solutions, though effective against file encryption, are no longer a sufficient strategy, Akamai stated.
Ransomware victims may quickly face subsequent attacks
Once victimized by ransomware, organizations face a higher risk of a second attack shortly after, according to Akamai’s report. In fact, victims attacked by multiple ransomware groups are almost six times more likely to experience a subsequent attack within the first three months than after more time has passed, it said. While a victim company is distracted by remediating the initial attack, other ransomware groups – likely scanning for potential targets and monitoring the activities of their competitors – can also leverage this window of opportunity and hit the same company, the firm stated.
Being attacked once and paying the ransom does not guarantee an organization’s safety either – rather, it increases the likelihood of being hit again by the same group or multiple groups, Akamai warned. If the victim organization hasn’t closed gaps in its perimeter or remediated the vulnerabilities attackers abused to breach its network the first time, chances are they will be used again. Also, if the victim chooses to comply with the ransom demands, it may then be viewed as a potential target by the same group, and others.
Smaller organizations at higher risk of ransomware
Organization size and revenue are playing a part in current ransomware attack trends, too, the report stated. There is an assumption that larger enterprises with bigger revenue are more likely to be targeted than other organizations because they present a higher payoff and, therefore, a more enticing target. However, Akamai’s analysis of victims by revenue illustrated a different picture. Businesses with reported revenue of up to $50 million were the most at risk of being targeted (65%) while organizations with reported revenue above $500 million made up just 12% of total victims, it read.
Akamai surmised that lower-revenue companies are more vulnerable to attacks because their environments are easier to infiltrate, with limited security resources to combat the hazards of ransomware. At the same time, they have the capacity to pay the ransom to avoid business disruption and possible revenue loss.