Cyber extortion remains the most prominent threat facing businesses of all sizes across all industries, a new report from Orange Cyberdefense has found.
The 2024 Cy-Explorer report worryingly uncovered that the number of victims of cyber extortion scams has grown by 77% year on year.
The research added small businesses are four times more likely to be impacted by cyber extortion than medium and large businesses.
Cyber extortion and the “dark number”
Hackers looking to apply pressure on a business that has suffered a ransomware attack may post snippets of the stolen data on dark web leak sites to apply additional pressure on the victim organization to pay up the ransom, or suffer the consequences.
In Q1 of 2024 alone, there were 1,046 organizations that were the victims of double-extortion. The actual figure for victims of ransomware attacks is likely to be much higher – known as the “dark number” – due to the stats on cyber extortion being gathered from observable data on dark web leak sites.
Hackers are increasingly targeting regions with strong economic growth and regions with shared languages, with attacks in the US, UK and Canada increasing 108%, 96% and 76% respectively. Europe also saw a 60% increase in cyber extortion.
All industries are at risk of being targeted, with the top three being manufacturing, professional, scientific, and technical services, and wholesale trade. The report points out that there has been a marked increase in attacks against health care and social assistance organizations, with Orange Cyberdefense stating that, “Threat Actors currently seem completely willing to compromise and extort healthcare institutions despite the societal implications and potential political consequences.”
Moreover, victims of cyber extortion are repeatedly having their data posted on leak sites by different threat actors over long periods of time, as threat actors seek to increase pressure, inflict punishment on organizations that refuse to pay up, and to recoup financial investment by selling the stolen data. Some organizations had their data posted up to three times across different sites by multiple different threat groups.
Luckily for us, threat actors are predictable and stick with what works for them. Their tactics, techniques and procedures (TTPs) do not drastically change, and the vulnerabilities they exploit can be mitigated with patch management and vulnerability management. Orange Cyberdefense offers the following recommendations to protect against cyber extortion, ransomware and other general malware:
- Put in place a backup plan to keep the data most important to your organization safe, in an offline and/or offsite location. Plans for restoring backups should be tested regularly, and the backups themselves should be kept up to date with critical data.
- Ensure your devices use up-to-date software, especially if they are internet-facing, using a well-maintained asset register.
- Put in place a strong multi-factor authentication system to mitigate initial-access and lateral movement, and only provide users access to the systems they need to do their job.
