Chris Swagler | February 27th, 2023

During the pandemic, ransomware attacks exploded, and they continue to grow. Prior to March 2020 there were four major ransomware groups operating at any given time; there are now roughly 20. Just as LockBit 3.0 succeeded Conti in 2022, newcomers including BlackBasta, BianLian, and Royal are all fighting for LockBit’s crown in 2023. They bring new threats and new tactics, techniques, and procedures (TTPs), including BianLian building its malware in Go (GoLang), whose binaries are difficult to reverse engineer. The increased use of cloud services, which enabled efficient work-from-home (WFH) practices, and the growing number of third-party services and suppliers integrated into companies’ infrastructure have significantly expanded the attack surface.

Companies need to improve their cybersecurity in several key areas, starting with understanding that numerous breaches originate in employee error. These errors range from opening email attachments from unknown sources to downloading malicious apps on personal smartphones. Even though significant breaches, including Colonial Pipeline in the United States and the more recent Royal Mail incident in the United Kingdom, make headlines, it’s often smaller companies that provide the most appealing targets for ransomware groups. Aside from their generally weak security, targeting companies with $20 – $100 million in yearly revenue ensures that successful cyberattacks won’t be reported and investigated. Major breaches that are seen to threaten national security and infrastructure are taken very seriously, not only by the investigating agencies but also by unpaid groups of threat operators, including those who toppled the Conti Group.

Because of the pandemic’s suddenness and the speed with which nationwide lockdowns were implemented, companies, even the largest and best organized, had no time to prepare for the mass exodus from the workplace in 2020. For years, numerous SMEs have employed bring-your-own-device (BYOD) initiatives to save money by encouraging employees to use their own cell phones and tablets for company communications. However, WFH uncovered the security weaknesses in this approach, which has already resulted in a recent surge in identity theft. Every day, a single employee will typically visit scores of external websites, submitting personal and log-in credentials that cybercriminals can steal, sell in bulk on the dark web, and use in cyberattacks. Given the growing ransomware threat, companies need to boost cybersecurity awareness throughout the organization, especially among employees who have chosen to continue working from home in the post-pandemic environment.

Emails that companies send to their employees to alert them of the dangers are insufficient because they’re usually disregarded. Engage with employees directly whenever possible. Intelligence acquired from a questionnaire designed to reveal ongoing security vulnerabilities and harmful behaviors can be fed back to employees, for example to tell them that 30% of their colleagues may be vulnerable to spear-phishing attacks. However, increased awareness needs to be accompanied by fundamental measures, including updating systems on a regular basis rather than every couple of months, as is the situation at numerous companies.

Additionally, it’s recommended that employees who work from home connect to their company’s network through a virtual private network (VPN), and companies should have insisted on this from the start of WFH. Numerous employees who returned home continued to use their own devices and unsecured home Wi-Fi networks. Numerous households also use connected devices to manage and monitor domestic appliances, which provide attractive attack vectors for determined threat operators. However, even though insisting that employees use VPNs to access company networks and providing them with dedicated devices for work may seem like the best answer in theory, companies need to weigh the time and money involved. Purchasing and maintaining workstations and other devices for all employees can be expensive, and companies can find it impractical to issue multiple communications devices to staff in sectors such as finance and technology, where key personnel need to be reachable 24/7.

With the rising number of ransomware groups, companies need to update security protocols, install safeguards, and educate their employees with access to corporate networks about the true nature and tempo of ongoing conflict with fast-growing ransomware groups in 2023. Additionally, it’s important for companies to always remain vigilant of the current threat landscape. At SpearTip, our certified engineers are continuously working 24/7/365 at our Security Operations Center monitoring companies’ networks for potential ransomware threats.

Our pre-breach advisory services allow our team to examine companies’ security posture to improve the weak points in their networks and engage with their people, processes, and technology to measure the maturity of the technical environment. Our remediation team focuses on restoring companies’ operations by isolating malware to reclaim networks and recover business-critical assets. Our ShadowSpear Platform, an integrable managed detection and response tool, uses comprehensive insights through data normalization to detect sophisticated unknown and advanced ransomware threats.

If your company is experiencing a breach, call our Security Operations Centers at 833.997.7327 to speak directly with an engineer.