Ransomware attacks were analyzed in a recent report by Delinea. According to the report, the number of organizations claiming to have been a victim of ransomware in the past 12 months more than doubled since last year, from 25% to 53%. Mid-sized companies appeared to be in cybercriminals' crosshairs the most, with 65% stating they've been a ransomware victim over the past 12 months. Organizations are also paying ransoms more frequently, up to 76% from 68% the prior year.
Data exfiltration registered a surge of 39% (reported by 64% of respondents, up from 46%) and became a preferred goal for the attackers, who are now gaining control of a company's network to download sensitive data to sell on the darknet. As their main goals changed, cybercriminals modified their tactics and moved away from using email as a preferred attack vector (down from 52% to 37%), targeting cloud (44%) and compromised applications (39%) instead.
While 91% indicated they have specific budget allocations for ransomware, up from 68% in 2022, 61% (down from 76%) said security budgets were allocated following an attack, which could be due to economic uncertainty or tighter budgets. Despite feeling they could bolster defenses by spending more on critical areas like Privileged Access Management (28%, up from 16%), respondents seemed to lack clarity on how increased spending would help improve security. On a positive note, executives and boards are now listening as 76% reported that their leadership is concerned about ransomware.
Read the full report here.