Cybercriminals are on a rampage, exploiting remote access weaknesses to fuel a staggering rise in ransomware attacks. At-Bay’s 2024 InsurSec Report uncovers a dramatic 64% spike in ransomware claims, driven by a jaw-dropping 415% increase in indirect incidents. This explosive growth underscores the critical vulnerabilities that continue to plague businesses in the digital age.
Key findings from the report show that 58% of ransomware attacks were linked to remote access vulnerabilities. Companies using self-managed VPNs from Cisco and Citrix faced a notably higher risk, being 11 times more likely to experience an attack than those using cloud-managed VPNs or no VPN at all. This highlights the critical need for organizations to reassess their remote access security protocols.
Additionally, the report revealed an evolution in cybercriminal strategies, with 51% of ransomware attacks employing double leverage tactics—both encrypting and exfiltrating data. This method increases pressure on victims to pay ransom, as attackers can threaten both data loss and public exposure of sensitive information.
Attack Frequency
Despite the rise in attack frequency, the severity of these incidents has decreased. The average cost of direct ransomware attacks dropped by 24% to $370,000 in 2023. This decline is largely due to more businesses successfully restoring data from backups, reducing the need to pay ransoms. At-Bay’s data indicates that companies unable to restore data from backups were three times more likely to pay a ransom. The average ransom demand exceeded $1.26 million, but the actual average amount paid was significantly lower at $282,000, thanks partly to At-Bay’s assistance in negotiating ransom amounts.
“At-Bay’s unique position allows us to provide valuable insights into the correlation between cyber risks and financial losses,” said Tara Bodden, General Counsel and Head of Claims at At-Bay. “We’re committed to increasing transparency in the security ecosystem by sharing our data insights, better enabling organizations to deploy their scarce cybersecurity resources for maximum impact.”
Key Findings from the Report:
- LockBit and BlackCat Dominance: LockBit and BlackCat/ALPHV were responsible for 35% of direct ransomware attacks, overshadowing other strains.
- Backup Restoration Impact: Companies that successfully restored from backups were 3X less likely to pay a ransom, highlighting the importance of robust backup strategies.
- Indirect Ransomware Claims Surge: Indirect ransomware claims, driven by attacks on vendors or partners, increased by 415% in 2023.
- Ransom Payment Trends: The average ransom demand was $1.26M, but the average payment was only $282K, showing effective negotiation can significantly reduce costs.
- Industry-Specific Impacts: Law firms faced the highest severity in direct ransomware attacks, with incidents 32% more severe than average, while the education sector saw a 3.4X increase in claims due to the MOVEit vulnerability.
At-Bay’s CEO, Rotem Iram, stressed the importance of bolstering security measures, stating, “Vulnerabilities in remote access products continue to drive too many successful ransomware attacks. Technology providers and cybersecurity professionals must prioritize securing the perimeter and improving response to emerging threats.”
Full Report Here
Source: At-Bay Research Reveals Remote Access Behind 58% of Ransomware Attacks in 2023.