Ransomware attacks are getting more complex and even harder to stop

Just 23% of enterprises provide their security teams with vulnerability data to identify potential ransomware attacks and breach attempts. Ransomware attackers have the upper hand in knowing which systems and configurations defined in CVEs are the most vulnerable. They are creating more sophisticated, complex ransomware code to capitalize on long-standing system gaps.

Ransomware attackers are probing known common vulnerabilities and exposures (CVEs) for weaknesses and quickly capitalizing on them, launching attacks faster than vendor teams can patch them. Unfortunately, ransomware attackers are also making attacks more complex, costly, and challenging to identify and stop, by acting on potential targets’ weaknesses faster than enterprises can react.

Ransomware’s knowledge gap is growing

Two recent research studies, Ivanti’s latest ransomware report conducted with Cyber Security Works and Cyware, and a second study by Forrester Consulting on behalf of Cyware, show there’s a widening gap between how quickly enterprises can identify a ransomware threat versus the quickness of a cyberattack. Both studies provide a stark assessment of how far behind enterprises are on identifying and stopping ransomware attacks.

Ransomware attackers are expanding their attack arsenal at an increasing rate, adopting new technologies quickly. The Ransomware Index Update Q3 2021 identified ransomware groups expanding their attack arsenal with 12 new vulnerability associations in Q3, twice the previous quarter. Newer, more sophisticated techniques, including Trojan-as-a-service and Dropper-as-a-service (DaaS), are being adopted in attacks. Additionally, over the last year, more ransomware code has been leaked online as more advanced cybercriminals look to recruit less-advanced gangs as part of their ransomware networks.

Ransomware continues to be among the fastest-growing cyberattack strategies of 2021. The number of known vulnerabilities associated with ransomware increased from 266 to 278 in Q3 of 2021 alone. There’s also been a 4.5% increase in trending vulnerabilities actively exploited to launch attacks, taking the total count to 140. Furthermore, Ivanti’s Index Update discovered five new ransomware families in Q3, contributing to the total number of ransomware families globally reaching 151.

Ransomware groups are mining known CVEs to find and capitalize on zero-day vulnerabilities before the CVEs are added to the National Vulnerability Database (NVD) and patches are released. 258 CVEs created before 2021 are now affiliated with ransomware based on recent attack patterns. The high number of legacy CVEs further illustrates how aggressive ransomware attackers are at capitalizing on past CVE weaknesses. That’s 92.4% of all vulnerabilities tracked being tied to ransomware today.

Threat intelligence is hard to find

Seventy-one percent of security leaders say their teams need access to threat intelligence, security operations data, incident response, and vulnerability data, according to Forrester’s Opportunity Snapshot study commissioned by Cyware. However, 65% are finding it a challenge today to provide security teams with cohesive data access. Sixty-four percent can’t share cyber threat intelligence data cross-functionally today, limiting the amount of Security Operations Center (SOC), incident response, and threat intelligence shared across departments. The following graphic illustrates how far behind enterprises are in providing real-time threat intelligence data. The knowledge gap between enterprises and ransomware attackers is growing, accelerated by how quickly attackers capitalize on known CVE weaknesses.

Above: Just 23% of enterprises provide their security teams with vulnerability data to identify potential ransomware attacks and breach attempts. Ransomware attackers have the upper hand in knowing which systems and configurations defined in CVEs are the most vulnerable. They are creating more sophisticated, complex ransomware code to capitalize on long-standing system gaps.

Image Credit: Cyware and Forrester

Enterprises’ lack of access to real-time threat intelligence data leads ransomware attackers to fast-track more complex, challenging attacks while demanding higher ransoms. The US Treasury’s Financial Crimes Enforcement Network, or FinCEN, released a report in June 2021 that found suspicious activity reported in ransomware-related Suspicious Activity Reports (SARs) during the first six months of 2021 reached $590 million, exceeding the $416 million reported for all of 2020. FinCEN also found that $5.2 billion in Bitcoin has been paid to the 10 leading ransomware gangs over the last three years. The average ransom is now $45 million, with Bitcoin being the preferred payment currency.

Attacking the weak spots in CVEs

The Q3 2021 Ransomware Index Spotlight Report illustrates how ransomware attackers study long-standing CVEs to find legacy system gaps in security to exploit, often undetected by under-protected enterprises. An example is how HelloKitty ransomware uses CVE-2019-7481, a CVE with a Common Vulnerability Scoring System (CVSS) score of 7.5. In addition, the Index notes the Cring ransomware family has added two vulnerabilities (CVE-2009-3960 and CVE-2010-2861) that have been in existence for over a decade. Patches are available, yet enterprises remain vulnerable to ransomware attacks because they haven’t patched legacy applications and operating systems yet. For example, a successful ransomware attack occurred recently on a ColdFusion server running an outdated version of Microsoft Windows. The following compares the timelines of two CVEs, illustrating how Cring ransomware attacked each over a decade since each was initially reported:

The Q3 2021 Ransomware Index Spotlight Report includes an assessment of CVE-2009-3960 because it has recently been linked to Cring ransomware, further illustrating the point of how ransomware attackers are in essence mining CVEs for long-standing weaknesses to capitalize on.


Image Credit: Ivanti

As of Q3 2021, there are 278 CVEs or vulnerabilities associated with ransomware, quantifying the threat’s rapid growth. Additionally, 12 vulnerabilities are now associated with seven ransomware strains. One of the new vulnerabilities identified this quarter follows Q2’s zero-day exploit defined in CVE-2021-30116, a zero-day vulnerability in Kaseya Unitrends Service exploited in the massive supply chain attack on July 03, 2021, by the REvil group.

On July 07, 2021, Kaseya acknowledged the attack, and the vulnerability was added to the NVD on July 09, 2021. A patch for the same was released on July 11, 2021. Unfortunately, the vulnerability was exploited by REvil ransomware even as the security team at Kaseya was preparing to release a patch for their systems (after reporting the vulnerability back in April 2021). The following table provides insights into the 12 newly associated vulnerabilities by CVE ranked by CVSS score. Enterprises that know they have vulnerabilities related to these CVEs need to accelerate their efforts in vulnerability data, threat intelligence, incident response, and security operations data.

Ivanti’s Q3 2021 Ransomware Index Spotlight Report provides a hot list of CVEs for enterprises to evaluate their risk exposure and get on top of any potential weaknesses they have in these respective areas.


Image Credit: Ivanti


The balance of power is shifting to ransomware attackers due to their quicker adoption of new technologies into their arsenals to launch attacks. As a result, enterprises need a greater sense of urgency to standardize on threat intelligence, patch management, and most of all, zero trust security if they’re going to stand a chance of shutting down ransomware attacks. The Kaseya attack by REvil validates the continuing trend of ransomware groups exploiting zero-day vulnerabilities even before the National Vulnerability Database (NVD) publishes them. The attack also highlights the need for an agile patching cadence that addresses vulnerabilities as soon as they’re identified, rather than waiting for an inventory-driven and often slow rollout of patch management across inventories of devices.
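As an added example (not code from Ivanti, Forrester, Cyware or the original article), the sketch below triages a scanner export against the ransomware-linked CVEs the article names, so that a legacy or mid-severity finding such as CVE-2019-7481 is not deferred by a CVSS-only patch cutoff. The host names, the zero-padded placeholder CVE ids, the 9.0 cutoff and every score except the 7.5 quoted above are constructed assumptions.

```python
import re

# CVE-to-family links as named in the article (Ivanti Q3 2021 index).
RANSOMWARE_CVES = {
    "CVE-2019-7481": "HelloKitty",
    "CVE-2009-3960": "Cring",
    "CVE-2010-2861": "Cring",
    "CVE-2021-30116": "REvil",
}

# Constructed scanner export: (host, CVE id as exported, CVSS score or None).
# Ids with a zero-padded sequence are placeholders, not real CVEs.
SAMPLE_FINDINGS = [
    ("build-07", "CVE-2021-0000001", 9.8),
    ("vpn-gw-01", "cve-2019-7481", 7.5),      # score as given in the article
    ("hr-db-03", "CVE-2020-0000002", 6.1),
    ("cf-app-02", " CVE-2009-3960", None),    # legacy finding, no score exported
    ("kiosk-11", "unscored-finding", 9.0),    # not a CVE id: cannot be matched
]

CVE_RE = re.compile(r"CVE-(\d{4})-\d{4,}")


def triage(findings, cvss_cutoff=9.0, as_of_year=2021):
    """Order findings so ransomware-linked CVEs come before CVSS-only ones."""
    rows = []
    for host, raw_id, score in findings:
        m = CVE_RE.fullmatch(raw_id.strip().upper())
        if m is None:
            continue  # skip ids that cannot be normalized to CVE-YYYY-NNNN
        cve = m.group(0)
        family = RANSOMWARE_CVES.get(cve)
        cvss = 0.0 if score is None else float(score)
        rows.append({
            "host": host, "cve": cve, "cvss": cvss, "family": family,
            "age_years": as_of_year - int(m.group(1)),
            # True when a "patch CVSS >= cutoff first" policy would defer it.
            "deferred_by_cvss_only": family is not None and cvss < cvss_cutoff,
        })
    # Ransomware-linked findings first, then highest CVSS within each group.
    rows.sort(key=lambda r: (r["family"] is None, -r["cvss"]))
    return rows


if __name__ == "__main__":
    for row in triage(SAMPLE_FINDINGS):
        print(row)
```

Both ransomware-linked findings in the sample sit below the 9.0 cutoff, which is the case the article describes: long-patched, moderate-score CVEs that stay open because severity alone drives the patch queue.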

