In its 2023 Ransomware Defense Study, SpyCloud unveiled an in-depth examination of how industry experts and professionals perceive ransomware threats and their entities’ digital preparedness.

The study comprised a comprehensive examination of ransomware incident data sourced from ecrime.ch and SpyCloud’s reservoir of reclaimed records from illicit activities. The findings indicate that entities compromised with data-theft malware, termed “infostealers”, faced a heightened probability of experiencing a ransomware event.

The data underscored that infostealer-related breaches foreshadowed 22% of the ransomware occurrences concerning North American and European entities in 2023. Specifically, prominent infostealers such as Raccoon, Vidar, and Redline intensified the likelihood. Notably, 76% of breaches that paved the way for ransomware incidents were associated with the Raccoon infostealer malware.

Furthermore, the study encompassed feedback from over 300 individuals stationed in critical digital security roles across organizations in the U.S., U.K., and Canada, each boasting a workforce exceeding 500. Although there has been a distinct pivot to enhance defenses against ransomware, a glaring oversight in tackling infostealer malware remains.

Overwhelmingly, 98% of the participants concurred that augmented transparency and mechanized rectification of malware-extracted data could bolster their defenses against ransomware. In the preceding year, there’s been a discernible shift from employee enlightenment and skill-building to adopting technology-centric defensive measures. This includes mechanized rectification of vulnerable passwords and session cookies, the integration of multi-factor authentication (MFA), and the introduction of passwordless verifications like passkeys.

The participants ranked MFA significantly higher than in earlier evaluations, although safeguarding data remains the paramount defense strategy against ransomware in their eyes. Simultaneously, they identified deceptive tactics like phishing and social engineering—typical avenues for malware deployment—as the most precarious avenues of intrusion.

Interestingly, the study also unveiled that in the last year, 81% of the scrutinized organizations encountered at least one ransomware challenge. This includes corporations that marshaled resources, be it technological countermeasures or ransom compensations, to counteract ransomware.

From the insights drawn, it’s evident that detecting and addressing vulnerable authentication data should stand at the forefront for organizations aiming to thwart malevolent players. Yet, a mere 19% of organizations acknowledged giving precedence to enhancing transparency and rectification for data siphoned off by malware.

While a considerable 79% of the examined professionals express faith in their prowess to ward off potential ransomware onslaughts in the forthcoming year, the study highlighted a palpable discord between organizational cyber defense tactics and the evolving strategies of adversaries. The latter now veers towards hijacking sessions via malware-acquired cookies:

• Participants rated surveillance of compromised web session cookies and tokens low on the priority ladder of ransomware defenses.
• From an organizational perspective, stolen cookies were deemed the least hazardous intrusion conduit.
• The mechanization of procedures to fix vulnerable passwords and cookies trailed as the least prioritized authentication measures.

Meta Tags: ransomware, defense report, SpyCloud, inf