6 reasons why ransomware persists, by Candid Wuest, VP of Cyber Protection Research, Acronis

Cybersecurity has come a long way since its inception, but so have the cyber criminals who gave it
purpose. Today's world is more digitally dependent than ever. IT environments are becoming increasingly
complex, and small flaws in resilience can significantly impact an organization's ability to continue
operating despite security incidents or breaches. Here are six reasons ransomware remains active in 2023.
• Ransomware is still active: The ransomware threat remains active and evolving. While we are
witnessing an increase in data exfiltration, the main actors are continuing to professionalise their
operations. The majority of the major players have expanded to macOS and Linux and are also
investigating the cloud environment. New programming languages, such as Go and Rust, are
becoming more popular, necessitating changes to analysis tools. Attacks will continue to increase
as long as they are profitable, especially when cyber insurance covers some of the consequences.
Attackers will increasingly concentrate their efforts on uninstalling security tools, deleting
backups, and disabling disaster recovery plans. Living-off-the-land techniques will be critical
to this.
• Data breaches for the general public: Malware that steals information, such as Raccoon and
RedLine, is becoming the norm for infections. Stolen data frequently includes credentials, which
initial access brokers then sell for use in subsequent attacks. The increasing number of
data blobs, combined with the complexity of interconnected cloud services, will make it more
difficult for businesses to keep track of their data. The requirement for multiple parties to access
the data makes keeping it encrypted and protected more difficult. A single leaked API access key,
such as one discovered on GitHub or in the mobile app, can be sufficient to steal all data. This
will lead to advancements in privacy-conscious computing.
• Phishing goes beyond emails: Millions of malicious emails and phishing attacks are still being
sent. Attackers will continue to use previously leaked data to automate and personalise their
attacks. To avoid filtering and detection, socially engineered scams such as Business Email
Compromise (BEC) attacks will increasingly spread to other messaging services such as text
messaging, Slack, Teams Chat, and so on. Phishing, on the other hand, will continue to use
proxies to capture session tokens, steal MFA tokens, and disguise itself with diversions such as
QR codes.
• Unsmart contracts: The attacks on cryptocurrency exchanges and smart contracts on various
blockchains do not appear to be coming to an end. Nation-state attackers are also attempting to
steal hundreds of millions of dollars in digital currencies. In addition to the traditional phishing
and malware attacks against their users, more sophisticated attacks on smart contracts,
algorithmic coins, and DeFi solutions continue.
• Living within your infrastructure: Service providers are increasingly being targeted and
hacked. The attackers then take advantage of the installed tools, such as PSA, RMM, or other
deployment tools, to live off the land. The targets are not only managed IT service providers, but also
consulting firms, first-level support organisations, and other partners with similar interests.
These outsourced insiders are frequently the weakest link into a target organisation, and attackers
can use them without painstakingly crafting software supply chain attacks.
• The rise of sophisticated ransomware attacks has highlighted data exfiltration: Attacks on
sensitive data will continue to plague organisations in 2023 and beyond due to their increasing
prevalence and sophistication. Double extortion attacks are more powerful because they encrypt
sensitive and proprietary data, hold it for ransom, and then publish the data on the dark web
unless organisations pay up. "There are now more ways for attackers to monetize data," according
to the Verizon 2022 Data Breach Investigations Report.
