Ransomware skyrockets in first-half 2023: Resilience

By Erin Ayers, Front Page News

2023 is set to be the “most prolific” year yet for ransomware activity, with third-party vendor risk becoming the number-one point of failure for organizations, according to cyber insurance provider Resilience’s mid-year claims report.

Ransomware notifications to Resilience increased 1,110% between Q2 2023 and Q2 2023, the firm said in its report. And, even with a 37% drop between Q1 2023 and Q2, this first six months of this year matched activity for the full year of 2022 and hit 84% of the levels seen in 2021 by Resilience.

“This sets 2023 as one of the most prolific years for ransomware on record,” said the firm. Resilience examined its own claims data as well as data from blockchain analytics firm Chainalysis and ransomware response firm Coveware for its report.

“Ransomware remains a top concern for our clients, with data from firms like Chainalysis showing 2023 is on track to be one of the most active years on record,” said Vishaal “V8” Hariprasad, CEO and co-founder of Resilience, in a statement. “However, ransomware risk can be mitigated to the point that victims can choose not to pay a ransom.”

According to Hariprasad and the report, there’s some good news – just 15% of Resilience clients paid a ransom to resolve an incident in the first half of 2023, down from 21.4% in 2022 and well below the 39.5% payment rate tracked by Coveware.

However, greater resistance on the part of organizations to pay ransom has cybercriminals “going after bigger fish and swimming upstream to hit vendors and bypass security controls,” according to the report. Threat actors have also shifted to encryption-less attacks, which can cause larger losses than traditional ransomware events.

The “bigger fish” can be seen in recent headlines, with casinos MGM Resorts and Caesars Entertainment falling victim to high-profile attacks. And the cyber events stemming from the Cl0p ransomware gang’s hack of file transfer tool MOVEit hit at least 1,000 organizations and more than 60 million individuals and continue to this day.

Resilience added, “Post-MOVEit, vendor risk increased by 7% to become our clients’ most frequent point-of-failure at 28.9% of our all-time claims, while phishing remains at 23.1%.”

MOVEit represents “an interesting shift” toward cybercriminals exploiting the access provided to trusted third-party vendors, per the report.

“This has significant implications for those defending their organizations and trying to limit financial losses from these actors,” Resilience noted. Vendor risk also presents a particularly costly scenario for insurers, the firm added.

“Supply chain attacks are particularly damaging to both insurance providers and their client base as they are hard to identify and even harder to stop due to the incident taking place at a third-party,” said Resilience. “Because of this, while the MOVEit cases have caused widespread damage across various impacted direct victims, the full downstream scale of the incidents remains unknown.”

Managing Editor Erin Ayers can be reached at erin.ayers@zywave.com