Cybersecurity News that Matters

Cybersecurity News that Matters

At-Bay Research Reveals Remote Access Behind 58% of Ransomware Attacks in 2023

by Business Wire

May. 15, 2024
9:10 PM GMT+9

New Annual InsurSec Report Provides Detailed Anatomy of Ransomware Attacks; Reveals Ransomware Didn’t Just Grow in 2023, It Evolved

Key News Highlights




  • Report reveals the frequency of ransomware claims jumped 64% YoY, primarily driven by an explosion in “indirect” ransomware incidents.
  • Organizations using Cisco and Citrix self-managed VPNs were 11X more likely to fall victim to a direct ransomware attack than those using a cloud-managed VPN or no VPN at all.
  • Threat actors both encrypted and exfiltrated data (double leverage) in 51% of ransomware attacks, showing an evolution in tactics.

SAN FRANCISCO–(BUSINESS WIRE)–At-Bay, the InsurSec provider for the digital age, today released its 2024 InsurSec Report, which details new trends in ransomware attacks against mid-market and emerging businesses. One major finding from the report, which analyzes At-Bay’s ransomware claims data from 2022 to 2023: Ransomware didn’t just grow in the US in 2023, it evolved, with the frequency of ransomware claims jumping 64% year-over-year. This was primarily driven by an explosion in “indirect” ransomware incidents which increased by more than 415% in 2023 than in 2022. Standing out among the biggest loss drivers were remote access tools, which accounted for 58% of ransomware attacks. Double leverage attacks – those using both data encryption and exfiltration – also grew by 51% in 2023, demonstrating that threat actors shifted their tactics to pressure more victims into paying ransoms.

“Vulnerabilities in remote access products continue to drive too many successful ransomware attacks,” said Rotem Iram, CEO and Co-Founder of At-Bay. “Technology providers and cybersecurity professionals must prioritize securing the perimeter by default and improving response to emerging threats, understanding that small businesses are unlikely to be able to solve those on their own.”

Key findings from the report:

  • Ransomware claims frequency as a whole jumped 64% year over year, primarily due to the explosion of “Indirect” ransomware claims whose frequency increased by 415%. Direct ransomware claims frequency increased by 17% in 2023.
  • Attackers continued to exploit remote access technology, with 58% of direct ransomware incidents attributable to a remote access vulnerability. In addition, attackers shifted their focus from RDP to targeting self-managed VPNs, which accounted for 63% of the remote access ransomware events in 2023.
  • Two of the most popular self-managed VPNs stood out in ransomware claims data. Organizations using Cisco and Citrix self-managed VPNs were 11X more likely to fall victim to a direct ransomware attack than those using a cloud-managed VPN or no VPN at all.
  • In contrast to the frequency, the severity of ransomware attacks dropped in At-Bay’s portfolio year-over-year. Likely driven by more businesses successfully restoring from backups in the wake of an attack, the average cost of a direct ransomware attack decreased by 24% in 2023, to $370K. At-Bay research has shown that companies who failed to restore their data from backups were 3X more likely to pay a ransom than those who couldn’t. Business interruption costs were also lower.
  • The average ransom demand by attackers exceeded $1.26M in 2023, though the average amount paid came in at $282K, 77% lower than the initial demand on average. This is in part due to At-Bay’s help in negotiating demand amounts down when the policyholder found it reasonable and necessary to pay. A ransom payment was avoided in more than half (54%) of the incidents At-Bay saw.
  • A combination of data encryption and exfiltration was the most common direct ransomware tactic. This double leverage tactic was used in 51% of incidents and was also the most costly for businesses. Encryption and exfiltration events saw the highest median ransom paid ($195K) over encryption-only incidents ($66K) or exfiltration-only incidents ($110K).
  • LockBit and BlackCat/ALPHV far overshadowed other threat actors. Of the 41 unique ransomware strains observed over 2023, LockBit and BlackCat/ALPHV were used in 35% of all direct ransomware attacks.

“Too often, real-world data on cyber risk and its correlation with financial losses is inaccessible to businesses,” said Tara Bodden, General Counsel and Head of Claims at At-Bay. “As an InsurSec provider, our visibility into both empirical claims and cyber research data uniquely enables us to surface meaningful correlations with great accuracy. We’re committed to increasing transparency in the security ecosystem by sharing our data insights, and better enabling organizations to deploy their scarce cybersecurity resources for maximum impact.”

To download the full 2024 InsurSec Report from At-Bay, and learn how organizations can better protect themselves from ransomware attacks, visit: At-Bay’s 2024 InsurSec Report.

Additional At-Bay reports:

About At-Bay

At-Bay is the InsurSec provider for the digital age. By combining world-class technology with industry-leading insurance and security expertise, At-Bay was designed from the ground up to empower businesses of every size to meet cyber risk head on. The At-Bay Group includes a cybersecurity company and a full-stack insurance company. As an insurance provider, At-Bay offers Cyber, Tech E&O, and Miscellaneous Professional Liability policies. As a security company, At-Bay offers proprietary security solutions including At-Bay Stance Managed Detection & Response (MDR).

At-Bay is backed by Acrew Capital, Glilot Capital, the HSB fund of Munich Re Ventures, Icon Ventures, ION Crossover Partners, Khosla Ventures, Lightspeed Venture Partners, M12, entrepreneur Shlomo Kramer, and Qumra Capital. www.at-bay.com

Contacts

Jackie Gray, Corporate Communications

[email protected]

Subscription

Subscribe to our newsletter for the latest insights and trends. Tailor your subscription to fit your interests:

By subscribing, you agree to our Privacy Policy. We respect your privacy and are committed to protecting your personal data. Your email address will only be used to send you the information you have requested, and you can unsubscribe at any time through the link provided in our emails.

  • Business Wire

    Business Wire, a Berkshire Hathaway company, is the global leader in press release distribution and regulatory disclosure. Public relations, investor relations, public policy and marketing profession...

    View all posts
Author:
Stay Ahead with The Readable's Cybersecurity Insights