Acronis Cyberthreats Report: Ransomware dominates the threat landscape

Acronis

The world of cybercrime evolves quickly, and staying ahead of the curve can feel like an impossible task. Fortunately, you’ve got the experts at our global network of Acronis Cyber Protection Operation Centers (CPOCs) on your side.

Based on original research — including data collected from over 700,000 unique endpoints distributed around the world — we’ve examined major cybercrime gangs, explored the inner workings of dominant malware threats, and issued our recommendations to better protect yourself today. The results have been compiled into the Acronis Cyberthreats Report Mid-year 2022, a free resource for our customers and partners.

Here’s a quick overview of some key trends we’ve observed in the first half of 2022:

1) Ransomware groups are wreaking havoc globally

In our previous report, we predicted that ransomware would continue to dominate the cyberthreat landscape into 2022. Not only did this turn out to be true, it may have been an understatement.

While the number of active ransomware gangs has dropped following a concerted global effort by law enforcement agencies, those who remain in operation have already done significant damage this year. Together, the infamous Conti and LockBit gangs were behind 58% of all publicly reported ransomware incidents in Q1 2022. The threat has become so severe that the U.S. Department of State is offering up to $15 million for information that helps to identify and locate Conti’s leadership team and co-conspirators.

Major ransomware events of 2022 so far have included:

  • A series of cyberattacks by the Conti gang against government services in Costa Rica, forcing shutdowns and prompting President Rodrigo Chaves to declare a national emergency.
  • Several headline-generating attacks against major international tech corporations from the Lapsus$ gang — many members of which were teenagers.
  • The release of LockBit 3.0, which included the first official ransomware bug bounty program — a popular tactic among legitimate developers for rapidly improving software security and effectiveness.

The full report expands on these events and contains detailed analyses of some of today’s most dominant ransomware threats.

2) Phishing remains the most common vector of infection

Malicious emails, generally designed to trick recipients into clicking unsafe links or opening malware-laden attachments, have long been the primary vector for ransomware delivery and other cyberattacks. This hasn’t changed in 2022.

Based on data from Perception Point (with whom we partnered to create the Advanced Email Security pack for Acronis Cyber Protect Cloud) and our own telemetry, the full report showcases some interesting statistics, as well as phishing trends and major events on a global scale.

Phishing campaigns continue to present as though originating from trusted brands, with Microsoft, Gmail, DHL and Facebook among the most commonly impersonated. The average incoming message was found to contain 2.7 files/URLs, any one of which could pose a potential threat to an organization. Acronis’ Cyber Protection Operation Centers (CPOCs) blocked 21,150,710 phishing and malicious URLs in Q2 2022 — a 10% spike over Q1’s total of 19,151,211.

Unfortunately, a portion of emails with malicious content will inevitably make it past basic email filters and reach users’ endpoints. Cybercriminals are constantly finding new ways to obfuscate their payloads — another reason why it’s so important to take a multi-layered approach to your security.

3) Cryptocurrencies are under attack

While the value of most cryptocurrencies has dropped significantly since last year, they remain tempting assets for cybercriminals to steal. Just in the last few months, we’ve seen some of the largest-scale cryptocurrency hacks in the industry’s history:

  • In March, the Lazarus APT group stole 173,600 Ethereum (ETH) and 25.5 million USD Coins (USDC) from the Ronin cross-chain bridge. The attackers used hacked private keys to forge these transactions.
  • In June, hackers exploited a smart contract bug on the Maiar Exchange, one of Elrond’s decentralized cryptocurrency exchanges (DEX), to withdraw more than 1.65 million EGLD tokens.
  • Also in June, blockchain firm Harmony lost $100 million in crypto assets in a cyberheist that the FBI is now investigating in tandem with several cybersecurity companies. Blockchain security firm Elliptic has assessed that the Lazarus APT group is responsible for this attack.

In addition to smart contract exploits, there has been an uptick in malware that specifically aims to steal user credentials and secret recovery phrases for online cryptowallets. Some targeted phishing campaigns are even going after owners of offline, or “cold” wallets. Another well-established threat is malware that covertly replaces any wallet address copied to your clipboard, causing victims to accidentally transfer funds to accounts controlled by cybercriminals.

A big challenge with cryptocurrencies is that stolen funds often cannot be recovered. The decentralized nature of the industry means there is no central entity that can reverse a transaction and return your coins. If you or your business are investing in cryptocurrency, we highly recommend researching your choice of currency carefully and storing these funds in an offline wallet to maximize their safety.

Staying safe against the rising tide of cybercrime

Cybercriminals often demand a ransom from their victims (or simply steal funds directly). But these damages are frequently surpassed by less-direct losses.

Attacks may cause significant downtime and other service-level breaches, impairing the victim’s ability to conduct business and severely damaging their reputation. Cybercrime was responsible for about 36% of corporate downtime in 2021, while the FBI attributed a total loss of $2.4 billion to business email compromise (BEC) incidents.

One thing should be clear: cybersecurity is not optional for any organization. And traditional approaches are failing. That’s why we advocate for cyber protection — the integration of data protection and cybersecurity, and a necessity for safe business operations in the modern era.

These topics and more are sure to arise at the Acronis #CyberFit Summit 2022 in Miami, this November 7–9. Join us for innovations and insights from some of the world’s greatest MSP and IT leaders, as well as results-focused sessions designed to help you thrive in an uncertain landscape.

For more on the key cybersecurity and threat trends of 2022, including a deep examination of some of today’s most dangerous ransomware threats and plenty of actionable tips to stay safe, read the full Acronis Cyberthreats Report Mid-year 2022 today.

About Acronis

A Swiss company founded in Singapore in 2003, Acronis has 15 offices worldwide and employees in 50+ countries. Acronis Cyber Protect Cloud is available in 26 languages in 150 countries and is used by over 20,000 service providers to protect over 750,000 businesses.