Unpatched vulnerabilities remain the most prominent attack vectors exploited by ransomware groups. In 2021, 65 new vulnerabilities tied to ransomware were discovered, representing a 29 percent growth over 2020 and bringing the total number of vulnerabilities associated with ransomware to 288, a new report showed on Thursday.
The report by US-based IT software firm Ivanti, conducted with Cyber Security Works and threat intelligence firm Cyware, also identified 32 new ransomware families in 2021, bringing the total to 157 and representing a 26 percent increase over the previous year.
“Ransomware groups are becoming more sophisticated, and their attacks more impactful. These threat actors are increasingly leveraging automated tool kits to exploit vulnerabilities and penetrate deeper into compromised networks,” said Srinivas Mukkamala, Senior Vice President of Security Products at Ivanti.
The report also found that these ransomware groups are continuing to weaponize zero-day vulnerabilities in record time to instigate crippling attacks.
“At the same time, they are broadening their attack spheres and finding newer ways to compromise organisational networks and fearlessly trigger high-impact assaults,” the findings showed.
According to Coveware, organizations pay an average of $220,298 and suffer 23 days of downtime following a ransomware attack.
“This calls for an increased emphasis on cyber hygiene. Looking ahead, automating cyber hygiene will become increasingly important, especially as environments continue to get more complicated,” the report emphasized.
Ransomware groups are increasingly targeting supply chain networks to inflict major damage and cause widespread chaos.
A single supply chain compromise can open multiple avenues for threat actors to hijack complete system distributions across hundreds of victim networks.
