The level of reported ransomware incidents doesn’t paint an accurate picture of what’s really going on, as the unwillingness of many victims to talk about what happened to them makes it difficult to find out what’s really going on, the European Union’s cybersecurity agency has warned.
Following an analysis of 623 ransomware incidents between May 2021 and June 2022, the ENISA threat landscape report for ransomware attacks warns that “the findings are grim” as ransomware becomes more efficient and is causing more devastating attacks.
Ransomware presents a massive cybersecurity challenge, with many victims feeling as if they’ve got no other choice but to pay potentially millions in Bitcoin to free their data. But very few victims ever talk about what happened, with ENISA noting “publicly reported incidents are only the tip of the iceberg”.
SEE: Ransomware: Why it’s still a big threat, and where the gangs are going next
According to ENISA, it wasn’t possible to confirm whether a ransom was paid in 94.2% of all the incidents they analysed, something that the agency says “limits our understanding and thus our ability to perform a proper analysis and mitigate the threat of ransomware”.
That isn’t the only aspect of ransomware that is going underreported and it’s making tracking incidents difficult as the report warns that many victims just don’t report they’ve been a victim of a ransomware attack because they “prefer to deal with the problem internally and avoid bad publicity”.
That leads to a lack of reliable data when it comes to painting a true picture about the state of ransomware attacks.
“The lack of reliable data from targeted organisations makes it very hard to fully understand the problem or even know how many ransomware cases there are,” warns the report, which suggests the most reliable sources for finding out who has been a victim of a ransomware attack are the leak sites of cyber-criminal ransomware groups who publish data stolen in the attack.
This lack of transparency also means that it’s difficult to investigate, analyze and learn lessons about how attacks work, hampering efforts to help protect other businesses from falling victim to similar incidents.
Public statements on what happened during attacks are rare, and in the few cases that are spoken about publicly, they often don’t include details.
“Ransomware is thriving, and our research shows that threat actors are conducting indiscriminate attacks. Companies of every size across all sectors are affected. Anyone can become a target. We urge organisations to prepare for ransomware attacks and consider possible consequences before attacks occur,” the ENISA paper said.
Steps that organisations can take to help protect their network from ransomware and other cyber threats include ensuring that users aren’t using easy-to-guess common or default passwords, as well as providing all users with multi-factor authentication, so in the event that a password is stolen or a network is breached, it’s harder for an intruder to abuse that access.
It’s also recommended that security updates are applied as soon as possible to prevent cyber criminals from exploiting unpatched vulnerabilities to help launch ransomware attacks.