According to cyber security experts, the multibillion-dollar ransomware industry is still going strong. During a recent interview on the Public Key podcast, Andrew Davis, the general counsel at Kivu Consulting, gave his opinion on how ransomware groups have transformed their techniques.
Davis added that while last year witnessed ransom demands of over a billion dollars, one emerging pattern is stealing data before it is encrypted thereby exposing the company’s trade secrets and intellectual properties. “It’s not just about decrypting files anymore,” Davis said. “They’re threatening to leak sensitive data to extort payments”
Despite law enforcement agencies recently dismantling major ransomware gangs like LockBit or BlackCat, according to Davis, the groups quickly adapt. “We’ve seen them instruct affiliates not to negotiate anymore after these takedowns, trying to maximize revenue” he said.
In short, the biggest vulnerability comes from human mistakes such as social engineering and unpatched software vulnerabilities which account for most initial access vectors. However, Davis cautioned against an increasing level of social engineering sophistication involving AI image manipulation in order to introduce more threats.
While two-thirds of Kivu’s clients refused to pay ransoms last year, it is very challenging to recover without backups. It’s a hard choice with no perfect solution,” Davis said, urging companies to put in place strong security controls and multi-factor authentication.
However, law enforcement cooperation still faces challenges despite improvements as victims ponder over the risk of prosecution versus the need for swift resolution of crippling attacks. “There’s still some trust to be rebuilt”, Davis acknowledged.
As the ransomware threat continues to evolve, businesses and individuals must stay vigilant and prioritize cybersecurity measures.