Ransomware: An Evolving Threat to Businesses
Ransomware, one of the oldest and most well-known examples of malware, traditionally was associated with hackers utilizing criminal extortion to prevent home users from accessing files on their personal computers without paying a ransom. However, innovations in business networking and computing have paved the way for innovations in ransomware technologies as well, evolving crude home computer grievances into risk of significant disruption of business operations. Organized gangs of cybercriminals soon rose to prominence, garnering press coverage by making victims of high-profile targets such as hospitals or government bodies. In today’s volatile cybercrime landscape, the risk of ransomware disrupting business operations is not a threat to be taken lightly.
The Rise and Fall of LockBit
Cybercrime gang LockBit boasted a reputation as one of the largest threat actors in the world since its emergence in late 2019, the group’s signature ransomware platform accounting for a staggering 24% of international ransomware attacks in 2023 alone according to data published to the United States ODNI. In February, international law efforts led by the by the UK’s National Crime Agency led to the seizure of a sizable portion of the LockBit gang’s key infrastructure and multiple arrests on their affiliates, significantly disrupting the group’s internal operations. While LockBit has since scrambled to recollect itself, having since created a new dark web portal and taken credit for a number of new attacks, the fact remains that its reputation is tarnished in the criminal underworld.
LockBit Platform Continues to be Weaponized
Despite the recent setbacks to LockBit, the group’s ransomware technologies continue to be utilized in breaches. Beginning in November of 2023, rising cybercriminal group DragonForce has claimed a number of high-profile victims, including the Ohio State Lottery, with its ransomware operations. However, recent findings published in a blog by cybersecurity firm Trellix suggest that DragonForce’s ransomware build is none other than a modified version of the infamous LockBit Black build, which saw its source code leaked to the internet in mid 2022. Unsurprisingly, DragonForce is not alone in its opportunistic use of the LockBit Black code, with other emerging cybercriminal operations having been shown to utilize it in their attacks.
What This Means for Small to Medium-Sized Businesses (SMBs)
While the threat actors who make headlines often do so by targeting public infrastructure and larger Fortune 500 corporations, the presumption that small to medium-sized businesses (SMBs) fly under the radar from financially driven cybercriminals couldn’t be any further from the truth. Rather, 82% of ransomware attacks occurring in 2021 targeted businesses of less than 1000 employees, according to findings published by ransomware specialists Coveware. Moreover, ransomware threat actors themselves have been known to prefer targeting smaller businesses. In an interview with a Russian newspaper, an anonymous threat actor affiliated with the now-defunct REvil group suggested that “It is better [for cybercriminals] to quietly receive stable small sums from mid-sized companies, only occasionally entering corporations[…].” With that in mind, it’s more vital than ever before for SMBs to take proactive measures in evaluating their vulnerabilities and investing in adequate cybersecurity solutions.
What’s the Remedy?
Many small to medium-sized businesses may lack the qualified in-house staff for a cybersecurity team. Partnering with a Managed Service Provider (MSP) can offer a practical solution to this shortcoming by outsourcing the responsibility of security management to a team of skilled professionals. Precision Networks partners with small to medium-sized businesses, providing a fortified selection of modern cybersecurity measures fine-tuned to safeguard our clients.
Contact us today for a complimentary security assessment and take the first step towards securing your business against the looming threat of ransomware.