Plaintext: Getting Ahead of Ransomware

Welcome to Dark Reading in Plaintext, where each day we bring you insights around one topic important to cybersecurity professionals. Today, we talk about ransomware and its possible decline. Wouldn’t it be nice to know there’s going to be fewer ransomware attacks from now on? It’s too soon to declare a trend, but it was interesting to see more than one report tout the fact that ransomware attacks are declining this year.

Ransomware On the Decline?

Ransomware attacks leading to data breaches fell 20% in the second quarter of 2022 compared with the first quarter and dropped quarter over quarter, according to new data from the Identity Theft Resource Center. It’s a little too soon to declare that criminals have given up on ransomware and the bulk are looking for a new attack stream – but the numbers are definitely looking hopeful.

Consider, for example, the analysis by Trellix – which found that ransomware attacks involving two most common ransomware families — LockBit and Conti — are fewer than they used to be. Detections for LockBit dropped by 44% and Conti by 37%, according to Trellix's Summer 2022 Threat Report. The report also includes figures from Coveware showing that only 46% of companies paid a ransom in the first quarter of 2022, down from 85% for the same quarter three years ago. Coveware’s data also showed the average victim's payment to ransomware groups also declined to $74,000, down more than a third from the fourth quarter of 2021.

Caught in the Crash? As the value of cryptocurrencies plummet, security researchers are observing a drop in ransomware attacks, too.  In an analysis of 34 Dark Web cryptocurrency exchanges, which typically charge high fees of 2% to 15% of transactions for anonymity, Cybersixgill found that every one of them no longer advertises any capability to exchange cryptocurrency for cash. It’s possible that the services couldn’t keep up with panicked investors trying to convert the cryptocurrency to cash.

Speaking of converting cryptocurrency to cash… the Federal Bureau of Investigation warned financial institutions via a private industry notification that threat actors are creating fake versions of legitimate investment apps and tricking users into downloading the fake version of the app, not real ones. When users add cryptocurrency to their account wallets using the fake app, it gives the criminals behind the apps control over the funds.

Hiking Insurance Prices. Organizations often find they cannot obtain cyber insurance, are not being renewed for coverage they already have, or are faced with soaring prices and shrinking coverage. Panaseer’s Nik Whitfield expects the rise in premiums to continue. Panaseer’s survey found that many insurers don't yet have the answer to how to price cybersecurity insurance: While 47% of total respondents said they are "very confident" in their underwriting process, 44% are only "somewhat confident."

"The increasing cost of ransomware is putting premiums up, and the increase in the number of attacks, as well as the number of successful attacks, means insurance is getting harder to get and is getting more expensive." -Nik Whitfield, Panaseer.

By the numbers. It makes sense that people who are infected with ransomware would turn to search engines to find out more about the ransomware variant, and how to remove it without having to pay the ransom, right? That was the thinking behind a recent analysis which looked at search engine queries. To our surprise, WannaCry is by far the most common – suggesting that people are still getting infected by the worm. Good thing it doesn’t actually encrypt the files anymore, thanks to the killswitch. Take WannaCry out of the equation, and it turns out lots of people are searching for information about Ryuk and for decryptor tools for Cerber ransomware.

Headlines on Tap

• Retbleed will be addressed in the next release of the Linux kernel.
• Attackers are targeting industrial control systems with fake versions of password recovery tools.
• If we are going to use AI to automate security decisions, AI needs guardrails, says JupiterOne’s Sounil Yu.

Subscribe to get the latest headlines delivered to you each morning with Dark Reading Daily.

On That Note

We are really enjoying the creative and funny captions, so keep them coming. We are kicking off the July cartoon, and the winner of the most cunning and creative caption will win a Amazon gift card. Comment and show us what you got.