In an increasingly digital world, cyber threats are evolving at an alarming pace. Akamai Technologies, a prominent player in cybersecurity and content delivery services, has just released its latest State of the Internet (SOTI) Report,, titled “Ransomware on the Move: Exploitation Techniques and the Active Pursuit of Zero-Days.” This research delves deep into the world of ransomware attacks, shedding light on the evolving techniques employed by malicious actors and the shifting focus from phishing to vulnerability exploitation.
The changing face of ransomware attacks
One of the most concerning findings in the report is the dramatic shift in ransomware attack techniques. Ransomware groups, known for their relentless pursuit of financial gain through digital extortion, have increasingly turned their attention to the exploitation of vulnerabilities. This transition has led to a staggering 143% surge in ransomware victims between the first quarter of 2022 and the same period in 2023. No longer content with traditional phishing methods, attackers are actively seeking and exploiting zero-day and one-day vulnerabilities to infiltrate their targets.
The dominance of LockBit and the rise of ransomeware
Within this evolving landscape, the LockBit ransomware group emerges as a dominant force, accounting for a staggering 39% of total ransomware victims. This figure is more than quadruple the number of victims attributed to the second-highest ranked ransomware group. Intriguingly, the report uncovers the aggressive tactics of the so called CL0P Ransomware Group, which has witnessed a remarkable 9-fold increase in victims year over year. This group is actively developing zero-day vulnerabilities, adding a new layer of sophistication to its attacks.
No safe haven for smaller organisations
One disconcerting revelation from the report is that smaller organisations, often assuming they are less attractive targets, remain at significant risk. More than 60% of analysed victims fall within the revenue bracket of up to US$50 million. Strikingly, even organisations with reported revenues exceeding $500 million contribute 12% to the total victim count. Furthermore, the report underscores the unsettling reality that victims of multiple ransomware groups are over six times more likely to experience subsequent attacks within just three months of the initial breach.
Impact across industries
The report shines a spotlight on the varying impact across industries, highlighting potential vulnerabilities within global supply chains. Manufacturing, for instance, stands out as the vertical with the highest number of victims, accounting for a staggering 20%. LockBit, as one of the most pervasive ransomware strains, is responsible for 41% of these attacks. The healthcare sector also experiences a significant threat, witnessing a 39% increase in victims during a specific period. The ALPHV ransomeware (also known as BlackCat) and LockBit ransomware groups are the primary culprits targeting this critical sector.
Financial services and retail sectors are not exempt from this cyber onslaught. Financial organisations witnessed a 50% increase in the total number of impacted entities year over year. Retail, on the other hand, ranks third in the number of ransomware victims per industry, with a concerning 9% increase in attacks.
Asia Pacific under siege
The report’s insights extend globally but also provide a specific focus on the Asia Pacific region. LockBit emerges as a pervasive threat, reigning as the most prevalent ransomware across various industries in the region. It commands a striking 60% of attacks in manufacturing, 55.8% in business services, 57.7% in construction, 45.8% in retail, and 28.6% in energy sectors.
The CL0P ransomware group, operating aggressively in the Asia Pacific landscape, exploits Zero-Day vulnerabilities to wreak havoc. An attack on MOVEit, for instance, contributed to the surge in ransomware victims in the region during the first quarter of 2023. Notably, the majority of ransomware victims in the Asia Pacific are small-to-medium-sized enterprises (SMEs) with reported revenues of up to US$50 million, dispelling the notion that only larger enterprises are prime targets.
A changing modus operandi
One of the most striking shifts in ransomware tactics is the increasing focus on exfiltrating files. This new approach has become the primary method of extortion, rendering file backup solutions inadequate in safeguarding against ransomware attacks. As the landscape evolves, organisations must reassess their strategies to counter this growing menace effectively.
The unsettling reality
The Akamai SOTI Report serves as a stark reminder that the realm of cyber threats is ever-changing and that malicious actors are continually refining their techniques. Ransomware, once synonymous with phishing campaigns, is now leveraging advanced exploitation methods to compromise victims. No organisation, regardless of size or industry, is immune to the dangers posed by these evolving cyberattacks. As the world becomes increasingly interconnected, the need for robust cybersecurity measures and constant vigilance has never been more critical.
Paul Budde