Ransomware is Being Used As a Precursor to Physical War: Ivanti

Ransomware has grown by 466% since 2019 and is increasingly being used as a precursor to physical war.

The findings come from Ivanti's Ransomware Index Report Q2–Q3 2022, which the company shared with Infosecurity earlier today.

The data also shows ransomware groups continuing to grow in volume and sophistication, with 35 vulnerabilities becoming associated with ransomware in the first three quarters of 2022 and 159 trending active exploits.

Further, the Ivanti report highlighted 10 new ransomware families compared to the previous quarter: Black Basta, BianLian, BlueSky, Play, Hive, Deadbolt, H0lyGh0st, Lorenz, Maui and NamPoHyu. These bring the total to 170.

From a geographical perspective, Russia has been at the forefront of the malware families discovered, with 11 advanced persistent threat (APT) groups, followed closely by China with eight and Iran with four. 

According to the Ivanti report, hostile governments increasingly use state-sponsored threat groups to infiltrate, destabilize and disrupt operations in their target countries. In many of these attacks, ransomware is being used as a precursor to physical warfare, as shown in the recent Russia–Ukraine war.

Regardless of geography, Ivanti also said ransomware attackers increasingly rely on spear phishing techniques to lure unsuspecting victims and deliver their malicious payload, as in the case of the Pegasus spyware.

In terms of new ransomware vulnerabilities, the cybersecurity company spotted two: CVE-2021-40539 and CVE-2022-2613. Both have reportedly been exploited by ransomware families such as AvosLocker and Cerber.

The report has also revealed that 47.4% of ransomware vulnerabilities affect healthcare systems, 31.6% energy systems and 21.1% critical manufacturing.

"IT and security teams must urgently adopt a risk-based approach to vulnerability management to better defend against ransomware and other threats," explained Srinivas Mukkamala, chief product officer at Ivanti.

The executive said this includes leveraging automation technologies that can not only correlate data from diverse sources but also measure risk, provide early warning of weaponization, predict attacks and prioritize remediation activities.

"Organizations that continue to rely on traditional vulnerability management practices, such as solely leveraging the [National Vulnerability Database] NVD and other public databases to prioritize and patch vulnerabilities, will remain at high risk of cyber-attack," Mukkamala concluded.

Case in point, it was recently revealed that a local government authority in London had been forced to spend over £12m ($11.7m) to help it recover from a devastating ransomware attack.
