The ransomware attacks, contrary to what it may seem, I know they take advantage of old vulnerabilities in most cases that have not yet been patched in the companies in which they are produced. Thus, according to a report from the cybersecurity provider Ivanti, in the third quarter of 2021, attackers exploited a dozen new vulnerabilities, bringing the number of those associated with ransomware to 278. This data confirms what we have mentioned. Although the ransomware groups are more and more numerous, clever and sophisticated, they continue to use vulnerabilities already known for a long time.
Thus, in that period, vulnerabilities associated with ransomware rose 4.5%. The most common and exploited vulnerabilities in the period registered a similar increase, while ransomware families were up 3.4% from the previous quarter. Of the dozen new vulnerabilities, five are capable of remote code execution attacks, and two are capable of exploiting web applications and being manipulated to launch denial of service attacks.
Furthermore, old vulnerabilities associated with ransomware were up 1.2% compared to the previous three months, bringing the number of vulnerabilities associated with ransomware to 258. Therefore, no less than 92.4% of all vulnerabilities related to ransomware are old and there are patches for them.
According Srinivas Mukkamala, Vice President of Security Products at Ivanti, «Ransomware groups continue to mature their tactics, increasing their attack arsenals and targeting unpatched vulnerabilities within surface enterprise attacks. It is critical that organizations take a proactive, risk-based approach to patch management, leveraging automation technologies to reduce the time they spend detecting, discovering, remediating, and responding to ransomware attacks and other threats.«.
On the other hand, according to another cybersecurity report, in this case from the email security company Mimecast carried out from a survey among 742 professionals from around the world, close to the 80% of companies of the world have suffered a ransomware attack in the last two years. Of these, many have had to cope with and stop up to four attacks each day.
While, on average, companies experienced an average of 3,000 ransomware attacks, it has been large companies, that is, those with more than 5,000 employees, that have endured the most attacks of this type, with almost 10,000 in that period. Of the total, the most numerous have been made through phishing emails with associated files in which ransomware is found (54%). They are followed by web security, with 47%, and phishing emails that lead to an external download (45%).
This report also underscores that most companies are overconfident about their preparedness to defend against a ransomware attack. Despite the high number of attacks, 83% of managers believe that they can get all their data back without paying the ransom, which contradicts the fact: 39% said they gave up and complied with the attackers’ demands.
Aside from this, while 77% of survey participants believed that they could return their business to a normal state within two to five days after the attack, only 45% noted that they had file backups available to them. they would help to return to that normality.
Jonathan Miles, Head of Strategic Intelligence and Security Research at Mimecast, has recalled that «being prepared is key to fighting these attacks. It’s okay for cybersecurity leaders to feel prepared, but they must remain proactive and work to improve processes. This report clearly shows that ransomware attacks pay, which doesn’t exactly give cybercriminals an incentive to stop.«.