“Skillful Social Engineering of the IT Support Desk” One of the Most Common Tactics in Ransomware Attacks

Busiest Month for Ransomware As ransom payments reach an all-time high, it’s time to look at attacks from a data perspective and find the greatest opportunities to stop these attacks.

Every quarter, I’ve been covering the Quarterly Ransomware Reports from ransomware response company Coveware. In their latest report covering Q3 of this year, we get a greater sense of what trends their security researchers are seeing from the data:

The average ransom payment made jumped up by 15% to just over $850K
The median size of company targeted remains in the mid-market at around 350 employees
We’re constantly seeing new players in the market – Q3’s number one player, Akira, was first spotted in Q2 and now is the top variant seen in attacks
“Unknown” has taken the top spot as the most prevalent initial attack vector

This last one is interesting. If you’ve read my coverage of these reports before, you know how much I hound on “email phishing” being at or near the top of initial attack vectors. But Coveware makes some interesting commentary on why “Unknown” is at the top.

“A continued reliance of ransomware actors on access brokers who may establish a foothold weeks or months ahead of the actual incident, whose access points cannot be confidently proven due to the expiration of critical forensic artifacts from the time of initial access.”

They also mention that “Stolen/leaked VPN credentials continue to be a valuable resource for big game hunters who leverage these persistent, legitimate access points without triggering the same alarms that leveraging a malicious foothold might set off.”

Lastly, “Phishing remains prevalent despite the disruption of the Qbot botnet. Recent examinations of our data suggest phishing is more likely to be the predecessor to a data-theft-only extortion attack than it is for encryption-focused attacks.”

It’s the complex nature of multiple threat groups working together via the cybercrime ecosystem – each playing a smaller role in what becomes a larger single attack – that creates the “inconclusive” nature of the initial attack vector. But if you are reading between the lines of the commentary above from Coveware, it does become evident that both phishing and social engineering – something security awareness training helps fend against – are very much playing a role in these attacks.

KnowBe4 enables your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

A Master Class on IT Security: Roger Grimes Teaches Ransomware Mitigation

Cyber-criminals have become thoughtful about ransomware attacks; taking time to maximize your organization’s potential damage and their payoff. Protecting your network from this growing threat is more important than ever

Join Roger Grimes, Data-Driven Defense Evangelist at KnowBe4, for this thought-provoking webinar to learn what you can do to prevent, detect, and mitigate ransomware. You'll learn:

How to detect ransomware programs, even those that are highly stealthy

Official recommendations from the Cybersecurity & Infrastructure Security Agency (CISA)

The policies, technical controls, and education you need to stop ransomware in its tracks

Why good backups (even offline backups) no longer save you from ransomware