Netragard is trusted by leading brands and featured in major publications for a reason: decades of hands-on experience and advanced research drive every engagement, uncovering risks that scanners and AI miss. Each assessment delivers detailed, prioritized findings and practical, tailored guidance enabling clients to improve real-world security where it matters most. Organizations trust Netragard’s expert team to help them face emerging threats with confidence while meeting compliance requirements along the way.

Table of Contents

Ransomware Takes Center Stage in October 2023

Month in Review - Oct 2023

October was National Cybersecurity Awareness Month, during which organizations published best practices for protecting individuals and businesses against cyberattacks. Advice on the use of strong passwords, multi-factor authentication (MFA), virtual private networks (VPNs), and similar security tools were at the forefront of the cybersecurity awareness materials.

While companies also faced a wide range of cyberattacks this October, ransomware stood out from the crowd. Multiple high-profile attacks cost companies millions, and the FBI recently issued a special warning about dual ransomware attacks.

The Evolving Ransomware Threat

Ransomware originally started as an attack where malware would encrypt data, rendering it unreadable to its owner. To restore access to the data, the victim would need to pay a ransom to purchase the decryption key or decryption software used to reverse the malicious transformations.

In recent years, ransomware attacks have evolved to focus more on data theft rather than data encryption. While data is still often scrambled, today’s variants of ransomware steal it, and then cybercriminals demand a ransom to not publicly leak the information or sell it on the black market.

This attack vector has become highly profitable for cybercriminals, with over 83% paying the ransom. In more than half of these cases, the attack netted a ransom of at least $100,000.

Major Ransomware Headlines

The growing ransomware threat also prompted the FBI to issue a new warning on ransomware with the focus on dual ransomware attacks which leverage multiple variants at once, combining data encryption with data theft. Also, ransomware groups were increasingly using data wipers — which permanently delete valuable data — as a negotiating tactic to force victims to pay up.

The International Counter Ransomware Initiative also kicked off on October 31stand focused on fighting the ransomware threat by rendering it unprofitable. An alliance of 40 countries agreed to sign a pledge to no longer pay ransoms. The initiative also focused on sharing threat intelligence and leveraging AI to help identify and fight ransomware attacks.

Ransomware Highlights of October 2023

Ransomware has been a major threat for years now. However, in October 2023, ransomware groups bagged some large targets and launched expanded attack campaigns:

Protecting Against Ransomware Attacks

One of the biggest challenges of managing the ransomware threat is that different ransomware groups use various means to spread their malware. For example, the LockBit group and its affiliates are known for exploiting zero-day vulnerabilities, using stolen credentials, and performing phishing attacks to gain access to target networks. Other groups, like PLAY might also conduct password spraying attacks against VPN and RDP servers leveraging credential dumps stolen from other sites.

With holidays around the corner staying ahead of the curve requires a deep understanding of the hacker’s mindset. Netragard’s elite penetration testers embody this mindset by proactively identifying and closing critical security gaps, shielding your organization from the devastating impact of ransomware attacks. Don’t let your organization become the next victim. Contact us today to safeguard your digital assets against the relentless threat of ransomware.

Adriel Desautels

Adriel Desautel Profile Picture
Founder & Chief Executive Officer
Divider

Adriel is a recognized leader in the information security industry with over 20 years of professional experience. In 1998, he founded Secure Network Operations, Inc., home to the renowned SNOsoft Research Team, which helped shape today’s best practices for responsible vulnerability disclosure. Adriel pioneered the zeroday Exploit Acquisition Program (EAP), later integrated into Netragard, and has served as an expert witness in US Federal court.

In 2006, Adriel founded Netragard to deliver high-quality, realistic threat penetration testing, now known as Red Teaming, and has since expanded its offerings to include mobile application security, source code reviews, web application assessments, and more. As the primary architect behind Netragard’s innovative services, Adriel continues to push the boundaries of research-based cybersecurity.

Frequently sought as a subject matter expert, Adriel has been featured by Forbes, The Economist, Bloomberg, Ars Technica, Gizmodo, The Register, and has appeared in documentaries and authoritative books such as “Unauthorized Access” and “This Is How They Tell Me the World Ends.” He is also a seasoned public speaker, presenting at leading conferences like Blackhat USA, InfoSec World, BSides, and the NAW Billion Dollar CIO Roundtable.