Over the past years, the evolution of ransomware has been nothing short of alarming. As cybercriminals continue to refine their tactics and capitalize on vulnerabilities, the ransomware landscape has evolved into a multifaceted and formidable threat.
One notable evolution is the number of reported attacks in 2023 compared to 2022. In 2022, 20% of our survey respondents reported a ransomware attack in the previous 12 months, compared to only 2% in 2023.
Speaking on the comparative data from both surveys, Hornetsecurity CEO Daniel Hofmann said: “Although organizations have reported fewer ransomware attacks in 2023, the threats haven’t necessarily decreased. Cybersecurity awareness among all users remains a crucial element to further decrease the risk of falling for these threats, especially as attacks become more sophisticated with new technologies.”
Another notable evolution is the diversification of attack vectors. If we compare the 2023 survey with last year’s, we see a slight decrease in email and phishing vectors, from 6 in 10 in 2022 to 5 in 10 in 2023. On the other hand, we see a 5% increase in ‘compromised endpoints’ and a 6% increase in ‘social engineering’ sources. Moreover, ‘zero-day exploits’ see a further 4% increase from the previous year.
Furthermore, the added layer of extortion is another glaring difference in the evolution of ransomware. Compared to previous years, ransomware attacks have adopted a multi-layered approach, which includes threatening to leak sensitive data if the ransom isn’t paid. This ‘double extortion tactic’ has been highly effective, as organizations face not only the prospect of data loss but also reputational damage and regulatory penalties if sensitive information is exposed.
But the evolution of ransomware is best described through the emergence of Ransomware-as-a-Service platforms. These platforms have democratized ransomware attacks, essentially allowing individuals with limited or no technical expertise to launch ransomware campaigns. The RaaS model makes it easier for criminals to launch ransomware attacks across various industries, not just IT and critical infrastructure.
Finally, the data from 2022 and 2023 reveal noteworthy shifts in the most common targets of ransomware attacks. In 2022, server infrastructure and network storage held the unfortunate distinction of being the primary target, with a significant 56% incidence rate. Multiple endpoints and single endpoints closely followed, at 36.6% and 35.3%, respectively. Backup storage was also a notable target, affecting 15.1% of organizations.
However, in 2023, the landscape shifted. Server infrastructure and network storage remained prominent but saw a decrease to 44.8%, while multiple endpoints and single endpoints followed at 34.5% and 31%, respectively. Intriguingly, backup storage attacks dropped to 6.9%, suggesting a shift in cybercriminal tactics towards different targets, possibly due to improved backup security.
Microsoft 365 and cloud data, while still vulnerable, decreased to 3.4%. These changes underscore the dynamic nature of ransomware targeting strategies and the overall evolution of the malware.