Companies battle rising ransomware threats

Ransomware remains a substantial challenge for organizations, with recently published cyber insurance industry reports showing increased activity by cybercriminals and others.

Companies should institute or continue with diligent efforts to combat such attacks, experts say.

The attacks, which often involve a “threat actor” gaining access to an organization’s system, taking control of sensitive data and then demanding payment with the threat of making the data public, have been an ongoing concern for organizations, particularly over the past five years.

According to a Travelers Cos. Inc. study, there was a 67% increase in the formation of new ransomware groups last year, and the fourth quarter showed the most leak site activity in more than a year, said Lauren Winchester, Philadelphia-based head of cyber risk services at the insurer.

“We analyzed ransomware leak site activity, and it shows a continued increase each quarter, with fourth quarter 2024 up 32% over the prior quarter and, notably, the highest quarter of leak site activity in the past 15 months, with nearly 1,700 victim companies that were posted,” Ms. Winchester said.

“The number of ransomware groups that we’ve seen active on the leak sites has also increased over the past year,” she said.

Cyber insurer Coalition Inc. said in a March report that it forecasts more than 45,000 software vulnerabilities will be published this year and that the most common initial access vectors across all ransomware claims in 2024 were stolen credentials, at 47%, followed by software exploitation at 29%.

“It’s not going away as a problem,” said Daniel Woods, Edinburgh, Scotland-based senior security researcher for Coalition, who is also a lecturer on cybersecurity at the University of Edinburgh.

In some cases, a data security incident can spread beyond the initial target to ancillary victims, he said.

“The impact ripples through society. … You see the spill-on effects. It’s not just that one company suffers in some cases,” Mr. Woods said.

Organizations can employ various defenses against the attacks.

“Brute force” attacks, in which a threat actor attempts to compromise a data system by randomly generating password guesses until one works, can be defeated with the adoption of multifactor authentication, which requires an extra confirmation step after a password. Mr. Woods cautioned, however, that the multifactor authentication must be implemented properly in the appropriate places within a system for it to be effective.

Deploying controls like multifactor authentication can require a five- or six-figure investment, which can be a recurring cost if a business is licensing a software product, said Gwenn E. Cujdik, Exton, Pennsylvania-based manager — North America cyber incident response and cyber services for Axa XL, a unit of Axa SA. Such expenses can often be beyond the reach of small and medium-sized enterprises, she said.

Training programs can be effective, Ms. Cujdik said.

“Helping your insurers better spot phishing incidents; developing policies and procedures on technology application software that your employees can use; how they are authenticating” can go a long way in helping mitigate cyber exposures, she said. “These policies and procedures don’t cost a lot.”

The first step must be to acknowledge and understand the exposure, which not all businesses appear to have done, Ms. Cujdik said.

“From small market all the way to large enterprise, they have convinced themselves that they don’t need cyber insurance,” she said.

Endpoint detection and response is another technology tool that can help businesses combat ransomware, Ms. Winchester said.

By monitoring each user or endpoint on a network for irregular activity, the technology can trigger an alert and help limit the progress of any breach incident or “minimize the blast radius,” she said.

Scanning for unprotected elements of a network that could be exploited easily can also help organizations mitigate ransomware threats, Ms. Winchester said.