Ransomware down this year – but there's a catch

The number of ransomware attacks worldwide dropped 31 percent year-over-year during the first nine of months 2022, at least as far as SonicWall has observed. But don't get too excited.

While that may sound like great news, there's a catch. According to SonicWall CEO Robert VanKirk, the decline follows a record-setting spike in 2021. Without that outlier, the ransomware rate this year shows a steady increase over 2017 through 2020. In fact, the nine-month total of 338.4 million ransomware attempts this year is more than the full-year totals in every year except 2021.

"Ransomware attacks have been trending up for five-plus years, and this year is continuing that trend, except as compared to the uniquely high spikes we saw in 2021," VanKirk said in an email interview with The Register.

All of this is outlined in SonicWall's Threat Mindset Survey of customers.

The latest figures highlight what SonicWall is calling an "unstable cyberthreat landscape" of expanding attack surfaces, shifting battlefronts, growing numbers of threats, and the tense geopolitical environment that is feeding all of it.

"The unpredictability is in the swings we're seeing both in where the attacks are occurring and the types of attacks that are seeing the largest increases," VanKirk said. "Ransomware numbers have dropped from 2021 in traditional hotbeds of the US and Germany – 51 percent and 46 percent respectively – but are spiking in other parts of the world."

He also pointed to significant jumps in cryptojacking (up 35 percent) and Internet of Things (IoT) attacks (92 percent).

"Bad actors are coming at us in varying degrees, in varying locations, and in varying attacks more than ever, making this a very volatile threat landscape," he said.

Ransomware attacks have been trending up for five-plus years, and this year is continuing that trend

The ransomware environment reflects this. The number of attempts dropped significantly for the US between January and September but increased in the UK by 20 percent and Europe by 38 percent, the CEO said. With regional tensions in Eastern Europe and elsewhere, threat groups may be focused more on disrupting regional foes and promoting specific interests than attacking US targets, he said.

• Payment terminal malware steals $3.3m worth of credit card numbers – so far
• Alert: This ransomware preys on healthcare orgs via weak-ass VPN servers
• Could you not? BlackByte ransomware slinger twists the knife with data stealer
• Upstart Ransom Cartel linked to REvil veterans

"That said, we know it is only a matter of time before there is a renewed focus on North American targets, so with major increases in encrypted threats, IoT malware, cryptojacking, and new unknown variants, it's critical that cyber security leaders have all the required tools and technology to proactively detect and remediate against increasingly sophisticated and targeted threats," said VanKirk.

Much of the focus in cyber security is on ransomware, which in recent years has branched out to include ransomware-as-a-service (RaaS) and increasingly data extortion. It also has the attention of enterprise executives. About 91 percent of the customers SonicWall surveyed said they are most concerned about ransomware.

It makes sense. Cisco's Talos threat intelligence group today published third-quarter numbers that showed ransomware and pre-ransomware engagements were the top threats, accounting for about 40 percent of a list that included business email compromise (BEC), phishing, and commodity malware.

Amidst all this, the ransomware scene is evolving rapidly, with higher-profile attacks that bring in larger payouts, according to SonicWall's VanKirk. RaaS – a market with sellers, affiliates, and at times initial access brokers – makes it increasingly easily for less-technical cyber criminals to buy ransomware kits and launch attacks. At the same time, ransomware groups are diversifying operations, expanding networks, and feeding a growing demand for their services.

"With so much turmoil in the geopolitical landscape, cybercrime is increasingly becoming more sophisticated and varying in threats, tools, targets, and locations," he said. "As bad actors diversify their tactics and look to expand their attack vectors, we expect global ransomware volume to continue its upward trend."

In addition, while the more sophisticated cyber criminals will focus on attacking larger and higher-profile targets and create more disruptive economic impacts, they are also "increasingly encouraging a barrage of smaller but more dispersed attacks through the sale of RaaS," VanKirk said. ®