The report reveals insights into the latest tactics of ransomware gangs; financial, geographical, and industry impacts based on data gathered from Unit 42 investigations.
MANILA, PHILIPPINES—Palo Alto Networks found that ransomware and extortion cases in the Philippines increased by 57.4% in 2022 with 11 reported cases across key sectors. Threat actors are utilizing more aggressive tactics to pressure organizations, with harassment being involved 20 times more often than in 2021, according to Unit 42™ incident response cases.
This harassment is
typically carried out via phone calls and emails targeting a specific
individual, often in the C-suite, or even customers, to pressure them into
paying a ransom demand. The 2023 Unit 42 Ransomware and Extortion Report
shares insights compiled based on findings from Unit 42’s incident response
work from approximately 1,000 cases throughout the past 18 months.
●
The Philippines took up the 4th spot in Southeast Asia, alongside
Malaysia, with 11 reported ransomware attacks and a 57.4% surge, accounting for
around 12% of the attacks in the region
●
Manufacturing, Professional & Legal Services, and State
& Local Governments remained the most targeted sectors in the Philippines
●
The Philippines trailed behind Thailand (28), Singapore (18), and
Indonesia (14), in the list of the most attacked countries, and was ahead of
Vietnam (9).
●
The total number of ransomware attacks in APAC increased by 35.4%
to 302.
●
Globally, ransomware demands continued to be a pain point for
organizations this past year, with payments as high as US$7 million (PHP 383M)
in cases that Unit 42 observed
●
The global median demand was US$650,000 (PHP 35.5M), while the
median payment was US$350,000 (PHP 18.9M), indicating that effective
negotiation can drive down actual payments
Key trends from the report include:
Attackers
Add Pressure with Multi Extortion
Ransomware groups have been observed layering extortion techniques for greater impact, with the goal of applying more pressure on organizations to pay the ransom. Some of these tactics include encryption, data theft, distributed denial of service (DDoS), and harassment. Data theft, which is often associated with dark web leak sites, was the most common of the extortion tactics, with 70% of groups using it by late 2022 — a 30 percentage point increase from the year prior.
Leak
Sites Drip with Data
Every day, Unit 42 researchers see an average of seven new ransomware victims posted on leak sites — equating to one new victim every four hours. In fact, in 53% of Unit 42’s ransomware incidents involving negotiation, ransomware groups have threatened to leak data stolen from organizations on their leak site websites. This activity has been seen from a mix of new and legacy groups, indicating that new actors are entering the landscape to cash in as legacy groups have done. Established groups like BlackCat, LockBit, and others contributed to 57% of the leaks, with new groups trailing close behind with 43%.
Ransomware
Groups Attack Society’s Most Vulnerable
There have been many notable attacks in the past year from ransomware groups, with a particular spike in attacks on schools and hospitals, demonstrating how low these actors are willing to stoop in their attacks. This includes the attacks from Vice Society, which was responsible for the data leaks from several major school systems in 2022. The group continues to be active in 2023, with nearly half of the incidents posted to their leak site impacting educational institutions.
In 2022, 30
organizations on the Forbes Global 2000 list were publicly impacted by
extortion attempts. Since 2019, at least 96 of these organizations have had
confidential files publicly exposed to some degree as part of attempted
extortion. At least 75% of ransomware attacks fielded by Unit 42’s Incident
Response team resulted from attack surface exposures.
About Palo Alto Networks
Palo Alto Networks is the world’s cybersecurity leader. We innovate to outpace cyberthreats, so organizations can embrace technology with confidence. We provide next-gen cybersecurity to thousands of customers globally, across all sectors. Our best-in-class cybersecurity platforms and services are backed by industry-leading threat intelligence and strengthened by state-of-the-art automation. Whether deploying our products to enable the Zero Trust Enterprise, responding to a security incident, or partnering to deliver better security outcomes through a world-class partner ecosystem, we’re committed to helping ensure each day is safer than the one before. It’s what makes us the cybersecurity partner of choice.
At Palo Alto Networks, we’re committed to
bringing together the very best people in service of our mission, so we’re also
proud to be the cybersecurity workplace of choice, recognized among Newsweek’s
Most Loved Workplaces (2021 and 2022), Comparably Best Companies for Diversity
(2021), and HRC Best Places for LGBTQ Equality (2022). For more information,
visit www.paloaltonetworks.com.