Ransomware attacks can emanate from anywhere, anytime. And the groups launching the attacks can show up under different banners.

While countries are recovering from a once-in-a-lifetime pandemic, businesses have been battling ever-increasing cyber and ransomware attacks. The average ransom payment in the second quarter of 2021 decreased by 38 per cent to $136,576 from the first three months of the year.

Since the third quarter of 2020, when the average payment peaked at nearly $250,000, the changes every quarter have been dramatically different. Many factors play a part in the global ransomware scene and, here, we will dissect the potential influencers.

The cybersecurity industry has been touted by many as unpredictable, and for good reason. Since the only constant in cybersecurity is change, it is a fast-paced environment. Cybersecurity professionals are always discovering and eradicating malware from your networks as they work against these threat actors.

Shoot and scoot

Cyberattacks happen anytime, anywhere, and to anyone, so there are several ways to explain why ransomware activity can be unpredictable. First, those in the industry claim the incidents they respond to are what make ransomware attack activity so unpredictable. For instance, a particular ransomware group may target a specific industry and then, in the same month, target a different one.

Another theory as to why ransomware attack activity is unpredictable is the secondary effects of a global crisis. The pandemic has drastically shaped the world of today. As unpredictable as it was last year, it has taught a lesson to all. For the cybersecurity industry, it showed how influential current events are for any organization. SpearTip recorded an increase in Incident Response (IR) cases during the peak of the pandemic.

Having most, if not all, of the workforce at home allowed threat groups to easily target and attack environments. Organizations were not ready and/or equipped to handle what it takes to work from home securely. As a result, vulnerabilities were exposed and attacked, causing business disruption, negative press, or a ruined reputation.

Organizations are still in the process of putting a strong structure and policy in place. Some lack the necessary resources to do so either in-house or externally.

With heightened awareness from many law enforcement agencies, some threat groups have vanished or had affiliates arrested. However, it’s not always clear why threat groups do what they do. For example, the REvil group removed its leak site and hasn’t taken responsibility for any other incidents after it attacked IT solutions provider Kaseya.

Off the radar

The group responsible for the Colonial Pipeline attack, DarkSide, also stopped attacks when they retired following increased pressure. It’s important to note that these groups will likely resurface and continue to be a threat to global business.

Whether they rebrand and use a different group name to stay out of the focus of law enforcement or continue using the same alias, there are always new affiliates they can recruit to continue generating revenue. Threat actors’ ability to congregate over the internet means the response must be just as calculated and precise as threat actors are when trying to infiltrate your networks.

In all, ransomware activity is innately human. Because of this, just like other human behavior, it is constantly being pulled by socioeconomic standards and constantly changing. Over time, threat actors have become more sophisticated and quickly adapt to corporations’ defensive posture, requiring constant vigilance.