Ransomware isn’t going anywhere… in fact, it’s only growing. As several studies show, the threat of ransomware associated with attacks like phishing and APTs is only increasing, and hacking groups are leveraging ransoms to generate significant revenue while also threatening proprietary data.
The latest threat, the Rhysida malware, is just the latest of these threats tearing through the healthcare and financial industry.
What Is the Rhysida Malware?
Rhysida ransomware is a significant and emerging threat in the cybersecurity landscape, gaining attention for its attacks on organizations worldwide, including high-profile incidents like the compromise of the Chilean Army and healthcare organizations in various countries.
Rhysida ransomware typically infiltrates systems through phishing attacks. Once inside, it employs tools like Cobalt Strike and PowerShell scripts for lateral movement and to execute its payload.
The ransomware is known for using a 4096-bit RSA key and AES-CTR for file encryption, appending the .rhysida extension to encrypted files. The ransom note presented by Rhysida is somewhat unique, disguising itself as an alert from a “cybersecurity team” and offering assistance to victims in identifying security weaknesses.
Following this, the ransomware uses tasks for persistence and modifies registry keys to drop ransom notes. Before encrypting files, Rhysida exfiltrates sensitive data from the victim’s system, which is then used for double extortion.
The ransomware has been observed to be in active development, with its operators updating scripts and tools to enhance its effectiveness. Despite its growing scale of activities, Rhysida’s locker still needs to be in the early development stages, missing some standard features found in more mature ransomware strains.
The Growth of Ransomware in 2023
Ransomware attacks significantly increased in 2023, with some alarming trends and statistics emerging across various industries.
- The first quarter of 2023 experienced a surge in ransomware compared to 2022. Q1 2023 saw 831 ransomware victims, exceeding the 763 victims in 2022. LockBit3.0, a prominent ransomware group, was responsible for nearly 33% of all ransomware cases.
- Malwarebytes reported 1,900 ransomware attacks across the US, Germany, France, and the UK in a year. The United States accounted for 43% of all global attacks, with ransomware attacks in France nearly doubling in the last five months.
- Ransomware attacks have increased by over 37% in 2023. This rise is accompanied by a significant increase in average ransom payments by enterprises, exceeding $100,000, with an average demand of $5.3 million.
Additionally, there have been specific changes in ransomware growth that depend on the industry:
- Healthcare: The healthcare industry has seen a dramatic increase in ransomware attacks. An average of 64.8% of healthcare data was restored after paying ransoms, and ransomware attacks targeting healthcare delivery organizations doubled from 2016 to 2021
- Education: The education sector, notably higher education institutions, reported the highest number of ransomware attacks, with 79% of surveyed institutions affected. The average data breach cost in this sector in 2023 was $3.65 million.
- Finance: The financial industry has experienced a rise in ransomware attacks, with attacks increasing from 55% in 2022 to 64% in 2023. This industry’s average data breach cost in 2023 was $5.90 million.
A Multifaceted Defense for Protecting Against Ransomware
For those well-versed in the intricacies of cybersecurity, here’s an arsenal of advanced strategies to thwart ransomware before it becomes a problem:
- Endpoint Detection and Extended Detection Response (EDR/XDR): These tools transcend traditional antivirus by employing behavioral analysis and machine learning to sniff out anomalies indicative of a ransomware attack, even for novel threats.
- Zero Trust Architecture: Trust No One, Secure Everything. Zero trust eliminates the inherent trust in users and resources, constantly verifying access and minimizing the attack surface. Even if an initial breach occurs, the damage is contained, preventing ransomware from running rampant.
- Advanced Threat Intelligence: Knowledge is power, especially in cybersecurity. Advanced threat intelligence gives you the insights to anticipate and thwart attacks before they materialize. It’s like having a crystal ball for cyber threats, giving you the foresight to prepare your defenses and stay ahead of the curve.
- AI and Machine Learning for Predictive Analytics: AI and machine learning are the Einsteins of cybersecurity, analyzing vast amounts of data to identify patterns and anomalies that might escape the human eye. They’re the seers of the digital world, predicting potential ransomware attacks before they strike, giving you the critical edge to take preventive action.
- Segmentation and Microsegmentation: Imagine a network divided into smaller, walled-off gardens. That’s the essence of segmentation and micro-segmentation. By compartmentalizing your network, you limit the lateral movement of ransomware. Even if one section falls victim, the others remain secure, preventing the infection from spreading.
- Data Backup and Recovery Plans: Regular, secure backups protect against ransomware’s data-crippling grip. Store these backups offsite or in a cloud environment, away from the primary network. A secure backup can restore your data without succumbing to the attacker’s demands.
- Advanced Email Filtering: Deploy advanced email filtering systems that meticulously analyze email content and metadata, sniffing out even the subtlest phishing cues that might deceive the human eye. Remember, vigilance is key in this digital battlefield.
- Incident Response Planning: You need a well-defined incident response plan for ransomware attacks. This plan should outline clear steps for containment, eradication, and recovery. Regularly conduct simulations to ensure your team is prepared to act swiftly and effectively, minimizing the damage from an attack.
An ounce of prevention is worth a pound of cure. You can build a robust defense against the ever-evolving ransomware threat by employing these advanced strategies before problems take shape.
Keep Your Organization On Top of Ransomware Threats with Continuum GRC
Want a solution that can help you monitor compliance controls across your organization? Trust Continuum GRC.
Continuum GRC is a cloud platform that can take something as routine and necessary as regular vulnerability scanning and reporting under FedRAMP and make it an easy and timely part of business in the public sector. We provide risk management and compliance support for every major regulation and compliance framework on the market, including:
- NIST 800-53
- FARS NIST 800-171
- SOC 1, SOC 2
- PCI DSS 4.0
- IRS 1075
- COSO SOX
- ISO 27000 Series
- ISO 9000 Series
- And more.
We are the only FedRAMP and StateRAMP-authorized compliance and risk management solution worldwide.
Continuum GRC is a proactive cyber security® and the only FedRAMP and StateRAMP-authorized cybersecurity audit platform worldwide. Call 1-888-896-6207 to discuss your organization’s cybersecurity needs and find out how we can help your organization protect its systems and ensure compliance.