Ransomware Attacks Increase, Forcing Organizations To Respond

September 19, 2024

Malwarebytes, a global leader in real-time cyber protection, released its 2024 threat assessment report – "2024 ThreatDown State of Malware". The report indicates nearly half of all ransomware attacks in 2023 were in the U.S.

The annual cybersecurity analysis report looks at the most prominent attacks and cybercrime tactics across popular operating systems and how IT teams, particularly those who operate on tight budgets, can address them.

Organizations face a deluge of cyber threats daily including ransomware, malware, and phishing attacks. The threat landscape is constantly evolving, with the increased use of AI and cybercriminals' new tactics, including targeting a higher volume of targets at the same time.

Alongside the rise of ransomware attacks in 2023 (a 68 percent increase), the average ransom demand also climbed significantly.

The LockBit gang was responsible for the largest known demand - $80M - following an attack on Royal Mail. LockBit remains the most widely used ransomware-as-a-service, which accounted for more than twice as many attacks as its nearest competitor in 2023.

Malicious advertising - or malvertising - also made a comeback in 2023 and threatened both businesses and consumers alike. Cybercriminals send emails impersonating well-known brands to deliver both Windows and Mac malware through highly convincing ads and websites that trick users into downloading malware on their devices. "Ransomware Attacks Increased by 68% in 2023 according to Malwarebytes' New "2024ThreatDown State of Malware Report" www.malwarebytes.com (Feb. 06, 2024)

Commentary

The 2024 report found Amazon, Rufus, Weebly, NotePad++, and Trading View to be the top five most impersonated brands. In addition, Dropbox, Discord, 4sync, Gitlab, and Google emerged as the top five most abused hosts.

Training your employees on what to look for and what to be suspicious of until verified will assist your organization's ability to defend itself substantially.

Social engineering tactics present a challenge. To have to scrutinize emails and messages takes precious time away from productivity. Acknowledge this in your training, but insist that the time spent verifying the legitimacy of the online message is much less than the time spent recovering from a breach.

As the report suggests, even if an e-mail itself looks legitimate, the return address or host may give you a clue the email is not legit. Hover your mouse over the text of the hyperlink. You should see the full URL, which will help to show whether it leads to a legitimate website. A file attached to an email from Amazon, for example, is unlikely to be hosted on a non-Amazon server.

With that stated, when in doubt do not select an attachment or link, or perform the directives of any online message that is unexpected and/or as to which you have doubts about its authenticity.  

Finally, your opinion is important to us. Please complete the opinion survey:

Product

Articles

Foreign Rules On Travel Continue To Change: What Should Employers Consider

Travelers visiting other countries for business or pleasure should be aware the rules in foreign countries and cities are varied and can change.

Parents In Gen Z Interviews, Update On FTC's Non-Compete Rule, $2.78M Privacy Verdict, And More

FTC non-compete update, $10.5M no-poach settlement, $2.78M hidden video privacy verdict, parents attending Gen Z interviews, and more.

Do You Provide Employees With Detailed Benefit Information? You Make The Call

Workers want more detailed and frequent information about their benefits. Do you provide employees with detailed benefit information? You make the call.

Ask Leslie: Who Gets To Decide If FMLA Leave Is Applicable?

Can an employee dictate whether the employer counts leave as FMLA leave? Leslie Zieren, Esq. responds.

Nursing Facilities Targeted By DOL: Court Awards $35.8M For FLSA Violations

The owner of residential healthcare facilities must pay $35.8M for unpaid and miscalculated overtime. Learn about the risk.