A brand new report from Sophos discovered that ransomware assaults accounted for over 90% of incident response instances involving medium-sized companies in 2024, in addition to 70% of instances involving small companies.
“Whereas the general variety of incidents in 2024 was barely down—partially due to higher defenses and the disruption of some main ransomware-as-a-service operators—ransomware-related crime just isn’t fading away,” Sophos says.
“If something, the techniques of ransomware actors are evolving to be sooner on the assault and extra prepared to extort the sufferer over stolen information once they fail to encrypt the sufferer’s recordsdata. Typically the attackers don’t even trouble attempting to encrypt the recordsdata.”
The researchers word a 50% enhance in the usage of ransomware designed to execute from units that aren’t monitored by technical defenses.
“When attackers do run ransomware, it’s typically finished from exterior of the detection vary of endpoint safety software program—that’s, from an unmanaged machine both remotely or instantly linked to the focused community,” the researchers write. “These ‘distant’ ransomware assaults use community file-sharing connections to entry and encrypt recordsdata on different machines, so the ransomware by no means executes on them instantly. This could conceal the encryption course of from malware scans, behavioral detection, and different defenses.”
The report additionally noticed a rise in enterprise e-mail compromise (BEC) assaults, pushed by credential phishing assaults that may bypass multi-factor authentication.
“Enterprise e-mail compromise exercise is a rising proportion of the general preliminary compromises in cybersecurity incidents—leveraged for malware supply, credential theft, and social engineering for quite a lot of felony functions,” Sophos says. “One of many drivers of enterprise e-mail compromise is the phishing of credentials with adversary-in-the-middle multifactor authentication (MFA) token seize, a continuously evolving menace.”
KnowBe4 empowers your workforce to make smarter safety choices every single day. Over 70,000 organizations worldwide belief the KnowBe4 platform to strengthen their safety tradition and scale back human threat.
Sophos has the story.
