In this ransomware roundup: Barracuda Networks' researchers discover that ransomware threats amount to over 1.2 million each month and 14% of attacks target service providers. In addition, over 80% of ransomware attacks exploit common configuration errors in software and devices, according to Microsoft.

Ransomware threats hit 1.2 million per month

Researchers identified a spike in the number of service providers targeted by ransomware attacks, according to a recent report by Barracuda Networks. In addition, they found that the volume of ransomware attacks jumped between January and June of this year to over 1.2 million each month.

Ransomware is distributed via malicious software that's often delivered in an email attachment or link. Once bad actors gain access to an organization's data, they won't release it until the ransom is paid. In recent years, hackers have added an exploitative threat to publicize the hijacked data.

Barracuda's researchers reviewed 106 highly publicized ransomware attacks over the past 12 months – between August 2021 and July 2022 – and identified the industries most targeted by ransomware to be education (15%), municipalities (12%), healthcare (12%), infrastructure (8%) and financial (6%). Service providers were hit by 14% of ransomware attacks.

Over this time period, ransomware attacks on educational institutions more than doubled, and attacks on the healthcare and financial verticals tripled.

"Many cybercriminals target small businesses in an attempt to gain access to larger organizations," said Fleming Shi, CTO for Barracuda, in a statement. In response, he said, security providers should create products that are easy to deploy, regardless of the size of a company.

"Additionally, sophisticated security technologies should be available as services, so that businesses of all sizes can protect themselves against these ever-changing threats," Shi said. "By making security solutions more accessible and user-friendly, the entire industry can help to better defend against ransomware and other cyberattacks."

Most ransomware attacks exploit configuration errors

The majority of ransomware attacks – over 80% – exploit common configuration errors in software and devices, according to Microsoft's recent Cyber Signals report.

Configuration errors could be leaving applications in their default state, leaving security tools untested or misconfigured, and providing unauthorized users easy access to cloud applications by the way they're initially setup within an organization, reported ZDNet.

Microsoft's report explains how ransomware has become more prolific as bad actors simplify deployment of these types of cybersecurity threats in the form of "ransomware-as-a-service (RaaS)."

"The specialization and consolidation of the cybercrime economy has fueled ransomware-as-a-service (RaaS) to become a dominant business model, enabling a wider range of criminals, regardless of their technical expertise, to deploy ransomware," according to the report.

RaaS lowers the barrier to entry and conceals the identity of hackers behind the threat as well.

Bad actors are also moving quickly – the average time for an attacker to start moving laterally within an organization's network if a device is compromised is one hour, 42 minutes.

Authors of the Cyber Signals report recommend developing credential hygiene, which is network segmentation based on privileges to reduce the chance of bad actors moving laterally through an organization.

The report also suggests auditing credential exposure, reducing the attack surface within an organization, securing cloud resources, preventing initial access and ensuring security services are running in "optimum configuration."

Related posts:

— Kelsey Kusterer Ziser, Senior Editor, Light Reading