Small and medium businesses are not safe from these attacks. Some affiliates are specialized in targeting the SMB segment, often using different initial vectors than for enterprises. Ransom is based on revenue, and a small company with robust revenue is the perfect target. When choosing the victims, threat actors can also increase the pressure by focusing on industries where downtime has serious implications to business, for example, manufacturing. MSP, MDR, and other managed security services should be used to complement your own security teams.
Finally, global leaders, the private sector, and law enforcement agencies can disrupt the relationship between ransomware operators and affiliates. For example, releasing decryptors is not only impacting the cash flow of ransomware groups, but it’s also very damaging to their reputation in the underground. Global threats should trigger a global response, as recently seen with operation GoldDust—a global collaboration between 19 law enforcement agencies and the private sector that shut down REvil operations in 2021.
Ransomware still looms large
The year 2022 is going to be the year of ransomware again. And it will stay that way until we start paying attention to the latest trends on the other side of the front. If we