Monday, 12 May 2025

Anti-Ransomware Day: A terrifying year ahead

Cybersecurity concept artwork generated by Google Gemini (Imagen 3).

May 12, established in 2020 by both INTERPOL and Kaspersky, is World Anti-Ransomware Day. Ransomware continues to be relevant.

Singapore's Cyber Security Agency warned in an advisory as recently as April 2025: "Ransomware is now a widespread, sophisticated, and systemic threat with the potential to severely disrupt essential services, compromise national security, and cripple the operations of organisations."

"The ransomware world isn’t just evolving—it’s fragmenting, decentralising, and growing more dangerous," said Check Point. 

According to Check Point’s State of Ransomware Q1 2025 report: 

- In Q1, there was a 126% year-over-year increase in publicly-named ransomware victims, totalling 2,289, an all-time high.

- Seventy-four ransomware groups are now operating concurrently, which Check Point said highlights an explosion of new actors and affiliate-driven threats.

- Even after taking inflated claims and recycled victim lists into account, the adjusted monthly average of confirmed victims surged past 650 per month—compared to ~450/month in 2024.

"Ransomware isn’t just growing in volume. It’s also mutating in method. Many groups increasingly focus on data extortion without encryption, reducing operational complexity and accelerating monetisation," Check Point noted.

Check Point’s 2025 reports also note an increased use of AI in malware development and campaign scaling: 

- Groups like FunkSec have used large language model (LLM)-assisted malware builders, lowering the technical barrier to entry.

- Deepfake audio and visual impersonation tools are being deployed to enhance social engineering and victim manipulation.

- Criminals now use generative AI to manage multilingual phishing campaigns, business email compromise (BEC) attacks, and one-time password (OTP) theft through automated call bots.

"This trend is accelerating the professionalisation of ransomware operations. It also makes defenders’ jobs exponentially harder. In a threat landscape defined by cartelised ransomware, fake branding, and AI-powered automation, only real-time, consolidated security intelligence can keep organisations ahead," said Check Point.

KnowBe4 is also predicting that AI - specifically, agentic AI ransomware - will become a new threat in the near future. The company defined AI agentic ransomware as a collection of AI bots that perform all the steps necessary to conduct a successful ransomware attack, "only faster and better".

KnowBe4 explained that AI-enabled agentic ransomware will gain initial access, analyse the environment, determine how to maximise malicious hacker profits, and implement attacks. These attacks will escalate to maximise hacker profits, the company said.

"We have already seen how AI has been used in hacking for a few years now and the near-term future is best predicted by past behaviour," said Roger Grimes, Data-driven Defense Evangelist, KnowBe4. 

"History shows that the bad actors follow about six to 12 months behind what the good actors invent and discover. It takes that long for the bad actors to learn what the good actors developed and then figure out not only how to use it maliciously, but place it into existing hacker tools and kits so a broad range of hackers can use them. Now is the time to start using agentic AI in cybersecurity defences – before it becomes a true threat."

In a blog post, Kaspersky gave several reasons not to pay ransomware:

Low quality of decryptors

Kaspersky said that while decryptors promise to quickly return all encrypted information to its original state and allow work processes to be resumed almost painlessly, "in practice, this almost never happens". Extortionists have been known to fail to send a decryptor, Kaspersky said. Another reason is that cybercriminals specialise in encryption, not decryption, so less effort is spent on decryptor applications.

"It may turn out that restoring data from a backup copy is much faster than using the attackers’ utility," the company stated.

Revisits

Kaspersky pointed out that people talk about the victims who are willing to pay ransoms. "Cybercriminal gangs communicate with each other, and 'affiliates' switch between ransomware-as-a-service providers. In addition, when law enforcement agencies successfully stop a gang, they’re not always able to arrest all of its members, and those who’ve evaded capture take up their old tricks in another group. As a result, information about someone successfully collecting a ransom from a victim becomes known to the new gang, which tries to attack the same organisation – often successfully," said the company.

Illegal to keep quiet

More national legislation is mandating that ransomware attacks be reported, and that ransoms be ignored. "The Cybersecurity Act has been updated in Singapore, requiring critical information infrastructure operators to report incidents, including ones related to supply-chain attacks and to any customer service interruptions," noted Kaspersky.

"A company that secretly paid extortionists risks receiving unpleasant consequences for many years to come if the incident becomes public (for example, after the extortionists are arrested)," the company pointed out.

"The conclusion is simple: paying money to ransomware operators may be not the solution, but a prolongation and deepening of the problem. The key to a quick business recovery is a response plan prepared in advance." 

Hashtag: #ransomware #AntiRansomwareDay
