Ransomware Shifts Focus to Smaller Companies as Top 10 Gangs Dominate Attacks

Ransomware actors are increasingly targeting smaller companies, particularly those with revenues ranging from $10 million to $50 million, according to a recent report by Kovrr, a cyber-risk quantification platform. The rationale behind this shift appears to be the smaller IT budgets and less security expertise available in such entities, rendering them easier targets.

“They’re willing to compromise on the size of the ransoms for having easier attacks, and being able to perform more attacks because some of these companies use the same cloud services, the same programs,” states Guy Propper, head of data at Kovrr. These attackers are voluntarily forsaking larger extortion payments from high-revenue companies, opting instead for easier targets that are less likely to attract swift law enforcement action of the kind demonstrated by the rapid response to the 2021 attack on Colonial Pipeline.

The report also shares insights on the most impacted industries, with the services sector, specifically business services, leading the list. Factors contributing to this vulnerability include a dependency on third-party services, an imperative to minimize downtime, and the accumulation of vast volumes of consumer data in these organizations.

Ransomware is becoming increasingly sophisticated, with threat actors adopting organizational structures and advanced technological tools to carry out large-scale operations. The crime now involves complex teams of specialists performing different roles, including running the ransomware, identifying targets and handling negotiations. The use of artificial intelligence, specifically large language models, has further enhanced their capabilities in areas such as writing ransomware code and identifying potential targets.

According to data from the report, ransomware attacks fell by 32% in the first half of 2023. However, this trend might just be an indication of delayed reporting by victim companies, given that over the last two years more attacks have been reported in the second half of the year. In line with this, a crypto-crime update by Chainalysis, a blockchain data analysis firm, reports a rise in ransomware payments in 2023.

Moreover, the report reveals that a relatively small group of ransomware gangs – a “top 10” list, as it were – is responsible for the majority of ransomware attacks targeting companies with less than $50 million in revenue. These groups executed 87% of the attacks recorded in the first half of 2023, with LockBit 3.0, BlackCat, and Clop, the three most active groups, carrying out over half of these attacks.

Data from Double Extortion, a research project that provides data on ransomware leaks, was combined with Kovrr’s proprietary sources and methods to analyze the ransomware threat landscape.