Warning of increase in ransomware threats in 2023

Next year could see increased risk of ransomware attacks according to digital security firm Avast. As well as conventional ransomware incidents, research by the brand suggests that there could be optimization of social engineering used in scam attacks, taking advantage of economic hardships and energy crisis fears. The research findings also warn of a possible increase of malicious activity overall, as open-source malware becomes more accessible, and cybergangs recruit hacktivists to join their causes.

Michal Salat, threat intelligence director at Avast, said: “This year, we saw cybergangs threatening to publicly publish their targets’ data if a ransom isn’t paid, and we expect this trend to only grow in 2023. This puts people’s personal memories at risk and poses a double risk for businesses. Both the loss of sensitive files, plus a data breach, can have severe consequences for their business and reputation.”

For businesses, a successful ransomware attack can quickly run to millions of dollars in recovery costs: paused operations, reimaging of devices and incident response programs, plus operational costs such as hospitals being unable to conduct surgeries or factories halting their production. Avast warns that global sanctions introduced this year could put businesses affected by ransomware in a sticky situation, as they face potential prosecution if they pay ransom demands to groups on sanctions lists, for example, ransomware groups based in Russia.

Avast researchers further predict that the already professionalized business of cybercrime will become more sophisticated. Cybercrime groups Zloader, Raccoon Stealer, and Ursnif came together this year to take advantage of each group’s specializations and focuses, supporting one another to maximize profits. Avast researchers anticipate this kind of cross-group collaboration could continue.

Additionally, LockBit 3.0 became the first ransomware gang to offer a bug bounty program in the summer, and others will likely follow suit. Bug bounties allow third parties to report new product vulnerabilities to software companies in return for a reward. In typical cases, this helps companies make their software secure, protecting themselves and their customers from cybercriminals exploiting vulnerabilities. In this case, however, people are being enticed by a malicious group to help make its ransomware efforts more robust.

Salat added: “Cybercrime has been a growing business for years, but we have started to see open-source malware become more readily available and distributed on platforms like Discord. People, including young people with less technical knowledge, can now get their hands on malware and may be more inclined to join the dark side given current economic hardships.

“We have also seen criminal groups recruiting and paying people money to carry out DDoS attacks, or install ransomware on their employers’ devices, for example. Not only will we see more malicious activities thanks to software as a service, the distribution of software to carry out DDoS attacks, and easily accessible open-source malware, but for some this could be a stepping stone towards a career as a cybercriminal.”
