New Delhi, India, October 28, 2022 –– Arete, a leading global cyber risk management company, has released the second volume of its Investigative Cybercrime Series in collaboration with cybersecurity research firm Cyentia. The report, titled Reining in Ransomware, explores the most prolific ransomware strains, ransom demand and payment trends, and the implications of data exfiltration.

The data for this research comes directly from nearly 1,500 ransomware events investigated by Arete, exceeding $1 billion in ransom demands. The insights in the report are drawn from thorough examination of tactics, techniques, and procedures (TTPs) employed by the threat actors.

Download Reining in Ransomware.

Key findings within the report:

· Seven of the top ten ransomware strains in 2022 are new, which indicates swiftly changing dynamics among cybercriminals and their campaigns.

· Sixty-one percent of attacks involved infections through the exploitation of poorly secured remote access services. As digitization increases, attacks also evolve.

· The top ten post-compromise techniques each factor into more than 50 percent of ransomware incidents.

· Ransomware demands were five times higher when data exfiltration is involved. That is happening six times more often in 2022 than in 2019.

The report offers actionable takeaways for insurers and their insureds on how to help protect against today’s most prolific cyber threats. The top 20 ransomware families account for a large majority of incidents, meaning there’s an opportunity to greatly reduce risk by encouraging organizations to create a focused defense strategy. In today’s hybrid world, where organizations are more connected than ever, it is essential to build a robust security infrastructure. Arete recommends a few security practices that can protect businesses from ransomware attacks, including network segmentation, multi-factor authentication (MFA), and behavior prevention at the endpoint.

“Ransomware incidents have increased over the past few years, and attackers are also innovating their techniques to target businesses, which makes detection and recovery more challenging than ever,” said Arete’s Chief Data Officer Chris Martenson. “In this report, we highlighted insights to educate organizations on attack developments and how they can tackle them. In today’s digital-first world, it is pivotal for companies to build cybersecurity teams in-house or collaborate with a third-party security partner to be prepared for the evolving threat landscape,” Martenson added.

In the first report of this series, Mitigating Ransomware’s Impact, Arete shared data-driven insights on ransom demands and payments, victims’ industry and implemented controls, likelihood to pay, and reasons for payment. The report dove into how data has helped Arete negotiate ransoms down by up to 93 percent, with all the requested recovery tools and reports successfully delivered to the client. Reining in Ransomware builds on these initial insights.