Ransomware report: Repeat attacks on the rise

Olesia Klevchuk, product marketing director, Barracuda

Barracuda released its 2023 Ransomware Insights report, which includes critical findings about how prevalent these attacks are, who is being targeted, and why some companies are repeat victims.

The rate and scope of ransomware attacks continue to increase, with 73 percent of respondents saying they were the victims of at least one successful ransomware attack in 2022. This is not surprising, given that automated tools and ransomware-as-a-service platforms have made launching an attack more effortless than ever.

What should serve as a cautionary tale for companies (and of interest to VARs and MSPs) is that 38 percent of survey respondents were hit by more than one successful attack. You would think these companies would have hardened their networks and applications if they had suffered one breach. But that is not necessarily the case. According to the report:

“The organizations that were hit multiple times with ransomware were likelier to say 

they had paid the ransom to restore encrypted data. Of those hit once, 31% paid the ransom to restore encrypted data — compared to 34% of those hit twice and 42% of those affected three times or more. Repeat victims were also less likely to use a data backup system to help them recover.”

That means a sizable chunk of the market has not implemented basic disaster recovery and response activities (like backup and recovery, or BDR). For solution providers and MSPs, these companies may represent potential customers needing managed security services.

Email remains the primary gateway

Based on the survey, email is still ground zero for most of these attacks – for 69 percent of organizations that responded, that is where the ransomware attack started. Larger organizations reported a higher incidence of email-based attacks (75 percent).

While cybercrime and ransomware are often in the news, companies still underestimate the risk and exposure they face. For example, just 27 percent of companies surveyed said they felt underprepared for an attack – even though nearly three-quarters of them had already been breached.

In 2019, 44 percent of companies felt unprepared for an attack. While the current numbers would indicate more companies are taking security seriously, the success rate of ransomware attacks (and repeat attacks) reveals that many of these firms lack adequate protection and incident response measures. It also indicates they may be too willing to pay ransoms.

Certain risk factors increase vulnerability

For VARs and MSPs having security discussions with potential and existing clients, Barracuda outlined several risk factors that can make companies particularly vulnerable to attacks – and that can be addressed with various security tools and strategies.

First, these companies may not have implemented effective security to protect email from phishing scams or to secure web applications. These companies should use advanced security software and tools (like Zero Trust, multifactor authentication, endpoint security, etc.) to identify and stop these attacks through the most common vectors.

Second, companies need to have an incident response plan backed up by intelligent software that can help slow down or contain an attack. A managed security services provider with a 24/7 Security Operations Center (SOC) offering can help these companies with investigations, incident response, automated alerts, and other features. In addition, there should be post-attack work done to fill security gaps, change passwords, and identify compromised credentials.

Paying ransom to an attacker puts the company at risk for additional attacks. Companies that pay ransoms tend to have less secure infrastructure and lack data backup and recovery capabilities. Knowing this, attackers will go back to the well. These basic security measures should be implemented to help companies avoid the temptation to pay the ransom to make the problem disappear.

Companies that have purchased cyber insurance were also more likely to report falling victim to a ransomware attack. The lesson here is that if you have (wisely) invested in cyber insurance, you should back that up with effective security tools and services. 

The data on the increase in attacks – particularly the repeat attacks – should serve as a wake-up call for companies to do more to secure their networks. 

You can download the report here.

Olesia Klevchuk is Product Marketing Director for Barracuda.