Cyber extortion remains the most prominent threat to businesses of all sizes across all industries, a new report from Orange Cyberdefense has found.
The 2024 Cy-Explorer report shows that the number of cyber extortion victims has increased by 77% year-over-year.
The research found that small businesses are four times more likely to be victims of cyber extortion than medium-sized and large businesses.
Cyber extortion and the ‘dark number’
Hackers looking to put pressure on a company that has fallen victim to a ransomware attack can post fragments of the stolen data on dark web leak sites to put additional pressure on the victim organization to pay the ransom or face the consequences.
In Q1 2024 alone, 1,046 organizations were victims of double extortion. The true number of victims of ransomware attacks is likely much higher – known as the “dark number” – because cyber extortion statistics are collected from observable data on dark web leak sites.
Hackers are increasingly targeting regions with strong economic growth and regions with shared languages, with attacks in the US, UK and Canada increasing by 108%, 96% and 76% respectively. Europe also saw a 60% increase in cyber extortion.
All sectors are at risk of being targeted, with the top three being manufacturing, professional, scientific and technical services, and wholesale trade. The report notes that there has been a marked increase in attacks on healthcare and social assistance organisations, with Orange Cyberdefense stating that “Threat Actors now appear fully prepared to compromise and extort healthcare organisations, despite the societal and potential political implications.”
Additionally, cyber extortion victims’ data is repeatedly posted to leak sites by different threat actors over long periods of time, as threat actors seek to increase pressure, impose penalties on organizations that refuse to pay, and recoup financial investments by selling the stolen data. Some organizations have had their data posted to different sites up to three times by multiple different threat actors.
Fortunately for us, threat actors are predictable and stick to what works for them. Their tactics, techniques and procedures (TTPs) do not change drastically and the vulnerabilities they exploit can be mitigated with patch management and vulnerability management. Orange Cyberdefense offers the following recommendations to protect against cyber extortion, ransomware and other common malware:
- Create a backup plan to keep the data that is most important to your organization safe, in an offline and/or offsite location. Backup recovery plans should be tested regularly and the backups themselves should be kept up to date with critical data.
- Make sure your devices have the latest software, especially if they connect to the internet. Use a well-maintained asset registry to do this.
- Ensure a strong multi-factor authentication system to restrict initial access and lateral movement, and only grant users access to the systems they need to do their jobs.