State of the Underground 2024: Two ways to guard against the ongoing threat of ransomware

Ransomware has been one of the most frequent and successful forms of attack for threat actors, and the numbers suggest it’s likely to remain so. From data in our State of the Underground reports over the past few years, we noted a sharp increase in 2021 to 3,264 from 1,509 in 2020. In the years that followed, the number of attacks remained high, totaling at least 4,000 annually. In our latest State of the Underground 2024, the total was 4,056, down slightly from the previous year but still far above the 2020 number. 

More significantly, the damage to organizations increased as well. Even with a slight drop-off in total attacks in 2023 compared to 2022, the average payout nearly doubled: up to $1.542 million from the previous $812,000.

There are several reasons for ransomware’s popularity among cybercriminals. Ransomware-as-a-Service (RaaS) – an emerging offering for sale on the dark web – has made it easier for those not technically skilled to launch a successful attack. The rise of RaaS has likely led to more ransomware attacks. Organized ransomware groups had their hands in a high portion of lucrative attacks.

In short, ransomware is not going away and the damage it causes is growing. But there are ways to safeguard your organization against it. Two methodologies discussed below can be helpful.

Blocking access gained through compromised credentials

Cybercriminals often find their way into an organization through compromised credentials. Along with other for-sale access methods, such as compromised endpoints, web shells, and remote protocols, compromised credentials allow cybercriminals to bypass other security methods and explore a target’s network for valuable data.

With Cybersixgill’s Identity Intelligence module, your security team can search manually to see if credentials belonging to a member of your organization have been leaked on the deep and dark web and been offered for purchase. Alternatively, your team can set up an alert on the module to get an automatic notification of such an event. 

If the timing is right, a security team can intervene before the compromised credentials are sold to threat actors. Cybersixgill offers take-down services by which our experts purchase the compromised credentials outright from the seller on your behalf in order to prevent it from being sold to someone with further malicious intent. 

Your security team can also execute a threat hunt to see if threat actors have already invaded your network and placed malware in the infrastructure. Cybercriminals typically spend time monitoring activities in a network before launching an attack, which means there’s a window of time in which a security team can take steps to block an attack before it occurs.

Anticipating ransomware attacks through a broader perspective

In addition to compromised credentials, threat actors also gain access to organizations through exploits.

To counteract this vector, Cybersixgill’s Dynamic Vulnerability Exploit (DVE) Intelligence module provides an actionable, risk-based understanding of potential vulnerabilities and exposures, giving each a score based on the likelihood of attack and potential impact, to help you prioritize patching and updates. The beauty of DVE Intelligence is that it’s mapped to your attack surface to give you a deeper understanding of potential risks. 

DVE intelligence actively monitors the activities of the deep, dark, and clear web, including forums, markets, paste sites, and code repositories, then scores CVEs based on risk of exploitation.

Our CTI is unique in guiding companies on their current risk exposure and the steps needed to minimize that exposure. By considering the impact radius and available security controls associated with each asset, security teams can determine the level of protection in place and whether it needs to be enhanced. With such information, teams can address potential vulnerabilities and blind spots more effectively and proactively enhance the company’s defensive mechanisms for business-critical assets. 

To learn more about ransomware trends and other underground cybercrime trends, download a copy of the State of the Underground 2024. To see how Cybersixgill can help your organization, schedule a demo to see it in action.