
Harassment Surged 20x In Ransomware Cases, New Report From Palo Alto Networks Unit 42 Finds

The report reveals insights into the latest tactics of ransomware gangs; financial, geographical and industry impacts based on data gathered from Unit 42 investigations.

A new report from Palo Alto Networks (NASDAQ: PANW), the global cybersecurity leader, found that ransomware and extortion actors are utilizing more aggressive tactics to pressure organizations, with harassment being involved 20 times more often than in 2021, according to Unit 42™ incident response cases. This harassment is typically carried out via phone calls and emails targeting a specific individual, often in the C-suite, or even customers, to pressure them into paying a ransom demand. The 2023 Unit 42 Ransomware and Extortion Report shares insights compiled based on findings from Unit 42’s incident response work from approximately 1,000 cases throughout the past 18 months.

Ransomware demands continued to be a pain point for organizations this past year, with payments as high as US$7 million in cases that Unit 42 observed. The median demand was US$650,000, while the median payment was US$350,000, indicating that effective negotiation can drive down actual payments.

“Ransomware cyber-attacks against New Zealand organisations have more than quadrupled since 2020 and we can expect more attacks as criminals seek to exploit vulnerabilities and more of our data moves online. We only have to look at the healthcare sector where in the past 12 months cyber-attacks resulted in providers struggling to operate without access to their information technology systems and private patient information being leaked onto the dark web,” said Misti Landtroop, New Zealand Country Manager for Palo Alto Networks.

“Organisations that prioritise cybersecurity know that it is a business issue and not simply an information technology issue and understand the trust Kiwis put in them to stop cyber-attacks and protect their personal data,” added Landtroop.

Key trends from the report include:

Attackers Add Pressure with Multi Extortion

Ransomware groups have been observed layering extortion techniques for greater impact, with the goal of applying more pressure on organizations to pay the ransom. Some of these tactics include encryption, data theft, distributed denial of service (DDoS) and harassment. Data theft, which is often associated with dark web leak sites, was the most common of the extortion tactics, with 70% of groups using it by late 2022 — a 30 percentage point increase from the year prior.

Leak Sites Drip with Data

Every day, Unit 42 researchers see an average of seven new ransomware victims posted on leak sites — equating to one new victim every four hours. In fact, in 53% of Unit 42’s ransomware incidents involving negotiation, ransomware groups have threatened to leak data stolen from organizations on their leak site websites. This activity has been seen from a mix of new and legacy groups, indicating that new actors are entering the landscape to cash in as legacy groups have done. Established groups like BlackCat, LockBit and others contributed to 57% of the leaks, with new groups trailing close behind with 43%.

Ransomware Groups Attack Society’s Most Vulnerable

There have been many notable attacks in the past year from ransomware groups, with a particular spike in attacks on schools and hospitals, demonstrating how low these actors are willing to stoop in their attacks. This includes the attacks from Vice Society, which was responsible for the data leaks from several major school systems in 2022. The group continues to be active in 2023, with nearly half of the incidents posted to their leak site impacting educational institutions.

The report also shares further insights into tactics threat actors use with increased frequency, industries and regions most impacted, and ways organizations can protect themselves better:

  • Organizations based in the U.S. were most severely publicly affected, with 42% of the observed leaks in 2022, followed by Germany and the U.K., accounting for nearly 5% each.
  • In 2022, 30 organizations on the Forbes Global 2000 list were publicly impacted by extortion attempts. Since 2019, at least 96 of these organizations have had confidential files publicly exposed to some degree as part of attempted extortion.
  • Manufacturing was the most targeted industry in 2022, with 447 compromised organizations publicly exposed on leak sites.
  • At least 75% of ransomware attacks fielded by Unit 42’s Incident Response team resulted from attack surface exposures.

Additional detail on Unit 42’s predictions, C-level recommendations and more can be found in the 2023 Unit 42 Ransomware and Extortion Report, which can be downloaded on the Palo Alto Networks website. You can also download Unit 42’s Mitigating Cyber Risks with MITRE ATT&CK, which provides actionable strategy and practitioner-focused recommendations. An in-depth article on ransomware groups, their behaviors and their financial impact is available on the Unit 42 blog.

About Unit 42

Palo Alto Networks Unit 42 brings together world-renowned threat researchers, elite incident responders, and expert security consultants to create an intelligence-driven, response-ready organization that's passionate about helping you proactively manage cyber risk. Together, our team serves as your trusted advisor to help assess and test your security controls against the right threats, transform your security strategy with a threat-informed approach and respond to incidents in record time so that you get back to business faster. Visit paloaltonetworks.com/unit42.

About Palo Alto Networks

Palo Alto Networks is the world's cybersecurity leader. We innovate to outpace cyber threats, so organizations can embrace technology with confidence. We provide next-gen cybersecurity to thousands of customers globally across all sectors. Our best-in-class cybersecurity platforms and services are backed by industry-leading threat intelligence and strengthened by state-of-the-art automation. Whether deploying our products to enable the Zero Trust Enterprise, responding to a security incident, or partnering to deliver better security outcomes through a world-class partner ecosystem, we're committed to helping ensure each day is safer than the one before. It's what makes us the cybersecurity partner of choice.

At Palo Alto Networks, we're committed to bringing together the very best people in service of our mission, so we're also proud to be the cybersecurity workplace of choice, recognized among Newsweek's Most Loved Workplaces (2021 and 2022), Comparably Best Companies for Diversity (2021), and HRC Best Places for LGBTQ Equality (2022). For more information, visit www.paloaltonetworks.com.

Palo Alto Networks and the Palo Alto Networks logo are trademarks of Palo Alto Networks, Inc. in the United States and in jurisdictions throughout the world. All other trademarks, trade names, or service marks used or mentioned herein belong to their respective owners. Any unreleased services or features (and any services or features not generally available to customers) referenced in this or other press releases or public statements are not currently available (or are not yet generally available to customers) and may not be delivered when expected or at all. Customers who purchase Palo Alto Networks applications should make their purchase decisions based on services and features currently generally available.

© Scoop Media
