
Top 3 ransomware trends to watch in 2024

Author: Drive China

Ransomware has long been a major concern for businesses, and it will continue to plague every industry in 2024. Ransomware ranks first in the "Top Seven Cybersecurity Threats of 2024" released by the CNCERT National Engineering Research Center.

In the new year, what new technical directions and organizational forms will ransomware take, and how will extortion methods evolve? In the face of these new challenges, how should enterprises approach ransomware defense?

There are three major ransomware trends in 2024

Ransomware attacks continue to grow strongly

According to the 2023-2024 High-Tech Crime Trends Report released by Group-IB, ransomware continues to grow strongly, with the number of companies on data breach sites increasing by 74% year-over-year in 2023.

The 2023 Ransomware State Report released by security firm Sophos also shows that 66% of organizations have experienced a ransomware attack in the past year. Of those, 76% of the attacks resulted in data being encrypted, and the average cost to the victim was $1.82 million.

In fact, ransomware attacks are increasing massively across all industries, with healthcare, government, and critical infrastructure particularly targeted.

In the new year, attackers will continue to try to develop new tactics, techniques, and procedures ahead of security vendors. As the confrontation between attackers and defenders escalates, attackers will continue to change their tactics and choose simpler, more marginal ways to obtain the same critical data, such as exploiting critical vulnerabilities in commonly used applications to launch attacks.

AI enhances the power and efficiency of ransomware attacks

With the rise of many AI services such as ChatGPT, the difficulty and cost of ransomware attacks have been greatly reduced. In 2023, in a ransomware case solved by the cyber police in Hangzhou, in mainland China, criminals used ChatGPT to optimize their ransomware.

Criminal teams have already begun to leverage AI and machine learning to enhance the capabilities and efficiency of ransomware attacks, including more convincing phishing attempts, automated malware creation, evasion of security measures, personalized social engineering attacks, and more, making these attacks harder for traditional defense mechanisms to detect and prevent.

Ransomware tactics have shifted from data encryption and leakage to data deletion

Today, criminal gangs have resorted to a myriad of extortion tactics, such as double extortion, triple extortion, extortion of ransom by encrypting data, or threatening to leak data to pressure victims.

But because the goal is extortion, criminal gangs gravitate toward whichever methods are most effective, and data deletion extortion is one of them.

Data deletion is faster than encryption, and the code is much easier to write: there is no need for complex public/private key handling, or for supplying complex decryption code so that the victim can recover after paying the ransom. If the data is corrupted and the business doesn't have backups, it must either pay or lose the data.

What kind of data backup can effectively prevent ransomware?

In fact, defeating ransomware depends on your organization's own cyber defenses. But even the most secure companies can't guarantee 100% resistance to ransomware gangs.

Therefore, data backup becomes an important part of anti-ransomware strategies. Studies have shown that ransomware victims who use backups have a median recovery cost that is half that of those who pay the ransom.

However, it is important to note that not every data backup approach is effective. Common problems include:

Data backups may be infected or purged

According to the Veeam Ransomware Trends Report, at least 93% of attacks by malicious actors in 2022 targeted backups. Even more alarmingly, in 75% of attacks, the adversary successfully infiltrated backup repositories, 39% of repositories became unusable when affected, and nearly one-third (29%) of data recovery attempts were not viable.

Data loss occurred during the recovery process

There are various types of data loss that can occur during the recovery process, ranging from simple file loss to complete collapse of the entire system. During the data recovery process, the file system needs to be re-established, the operating system needs to be reinstalled, the applications reinstalled, and the data recovered.

In addition, many enterprises discover during a restore that much of their key data was never properly backed up, or that the backup cycle was too long or the backup data was never tested, leaving them unable to restore data in full and across all dimensions in the event of a ransomware attack.

Data backup cannot restore data quickly

In addition, whether data backup can quickly restore data in the event of data loss to ensure the normal operation of the business is also a major test. Respondents to the Veeam Ransomware Trends report estimated that it would take them an average of 3.3 weeks to complete their recovery efforts. The reality is that some recovery efforts could last for months.

In general, data backup needs to have several characteristics to effectively prevent ransomware: clean recovery, complete recovery, and fast recovery. This requires data backup to be not only secure and reliable, but also to be able to monitor data security in real time.

In this regard, Ruishu Information experts believe that data backup needs to build a closed-loop data security protection system of "pre-event data health examination, in-process intelligent threat detection, and post-event rapid response and recovery", so as to effectively combat malware attacks, conduct data health check-ups, quickly find malicious threats, and restore the normal operation of the system within minutes.

Ruishu DDR is effective against ransomware

Based on this, the data security detection and emergency response system (River DDR) launched by Ruishu Information is one such anti-ransomware data backup tool. Through a closed-loop data security protection system covering before, during, and after an event, it effectively solves severe security problems such as traditional endpoint security software being bypassed and backup systems having lengthy recovery processes, so that emerging data security threats such as ransomware can no longer run unchecked.

Pre-event data health check-up

The innovative intelligent data risk identification engine, based on "deep file content detection" technology, can efficiently identify whether all kinds of structured and unstructured data in the enterprise data center have been corrupted or carry hidden risks.

Intelligent threat detection during the event

The innovative AI intelligent recognition engine provides intelligent analysis and recognition capabilities based on "data access behavior patterns", and improves the speed and accuracy of current data security detection through AI entropy detection technology, so that security detection can reach the leading level in China. It solves the problem that the industry cannot respond to ransomware attacks through security detection, tracks threat behavior and content changes across the full link, and discovers suspicious attacks in real time.

Respond quickly after the incident and recover

The innovative intelligent detection sandboxing and traceability engine can effectively locate the root cause of the attack, remove the files encrypted by ransomware and restore them with the latest clean backups, and harden the system to automatically generate clean data that can be mounted directly.

In general, River DDR has the following technical advantages:

Control of data assets: Generate reports on enterprise data integrity, sensitive data distribution, and permission audits to help users get rid of the dilemma of not being able to grasp the distribution of data assets and data security threats being invisible.

Anti-ransomware attacks: Establish data security early warning capabilities, intelligently analyze malicious behaviors such as batch data theft and highly concealed abnormal access, and efficiently identify various known and unknown attacks. This avoids discovering only after a large amount of data has been encrypted and stolen that a ransomware attack has been under way for a long time.

Protect backup data: Isolate backup data to prevent ransomware, hackers, or insiders from deleting or destroying it.

Continuously verify the backup data: Continuously verify the availability of the backup data to avoid finding that the backup data is unavailable and cannot be restored in an emergency.

Detection of abnormal data: Through the unique dynamic change tracking technology of files and databases, damaged or abnormal files and data in the system can be found, and the detection accuracy can reach more than 95%.

Minute-level data recovery: Discover and quickly recover encrypted or damaged files, achieving minute-level data recovery, minimizing service interruption and comprehensively protecting business continuity.

Compared with other similar products, River DDR has achieved a number of technological innovations and breakthroughs, including an AI intelligent depth detection engine, AI entropy detection, data backup in original format, and more. These technologies return to the data itself: by performing health checks on files and databases, abnormal security behaviors can be detected more directly and effectively. In addition, detection and recovery are integrated to truly realize full-lifecycle ransomware protection.

At present, River DDR has been widely used in high-precision manufacturing, medical institutions, finance, operators and other industries. This system is also great for businesses and organizations with large amounts of sensitive data.

Epilogue

As ransomware grows rampant, data backup and recovery technology becomes a must-have for visionaries. However, data backup must not only be effective, but also move towards a comprehensive data security solution to protect enterprise data from security threats such as ransomware, and detect and respond to security threats in a timely manner.
