According to cybersecurity experts, the multi-billion dollar ransomware industry is still going strong. In a recent interview with the Public Key podcast, Andrew Davis, general counsel at Kivu Consulting, shared his thoughts on how ransomware groups have changed their methods.
Davis added that there were more than $1 billion in ransom demands last year, but a new pattern is that thieves are stealing data before it's encrypted, exposing companies' trade secrets and intellectual property. “They're not just decrypting files anymore,” Davis said. “They're threatening to leak sensitive data to extort a ransom.”
According to Davis, despite law enforcement's recent takedowns of major ransomware gangs like LockBit and BlackCat, these groups are quick to adapt: “We've seen these groups instruct partners not to negotiate further after these takedowns in an attempt to maximize revenue,” he said.
The biggest vulnerabilities come from human error, such as social engineering and unpatched software vulnerabilities, which account for the majority of initial access vectors. Davis warns that more sophisticated social engineering, including AI-driven image manipulation, is posing an additional threat.
“Two-thirds of Kivu's customers refused to pay the ransom last year, but without backups it is extremely difficult to recover. There are no perfect solutions and it's hard choices,” Davis said, urging businesses to implement strong security controls and multi-factor authentication.
But despite the improvements, law enforcement cooperation still faces challenges as victims weigh the risk of prosecution against the need for quick resolution to devastating attacks. “We still have to rebuild trust,” Davis acknowledged.
As ransomware threats continue to evolve, businesses and individuals must remain vigilant and prioritize their cybersecurity efforts.