No one will be surprised to hear that ransomware is, once again, on the rise. The last two years have seen a stratospheric increase in both the frequency and sophistication of attacks. According to a just-released report from Ivanti, Cyber Security Works and Cyware, 2021 closed out with alarming statistics, including a 29% increase in CVEs associated with ransomware. The report also identified 32 new ransomware families in 2021, bringing the total to 157 and representing a 26% increase over 2020.

And yet, it’s not simply a question of how many CVEs and ransomware families we’re seeing. It’s also how they’re being leveraged, and who is most at risk.

Ivanti’s report reveals several patterns that businesses need to be aware of in order to maximize defenses against threats. 

Pattern #1: Unpatched vulnerabilities 

While threat actors are sophisticated, they’re also opportunistic. Unpatched vulnerabilities remain the most prominent attack vectors exploited by ransomware groups. Of the 65 new vulnerabilities identified by our analysis, more than one-third were actively trending on the dark web and repeatedly exploited. More than half of the 223 older vulnerabilities are still being targeted as well. The lesson: organizations need to prioritize and patch weaponized vulnerabilities based on what’s being targeted, whether those vulnerabilities are new or old. Since manually keeping up with patching every vulnerability isn’t realistic, it’s critical to embrace automated, risk-based patch intelligence so the highest-priority vulnerabilities get the attention they need. 

Pattern #2: Exploitation of zero-day vulnerabilities 

Has your organization been waiting to act until CVEs are added to the National Vulnerability Database? If so, unfortunately, you’re already behind. Threat actors are acting so quickly that they’ve been repeatedly leveraging zero-day vulnerabilities that haven’t even made it to the database yet. This dangerous trend highlights the need for solutions that can identify and remediate even zero-day vulnerabilities – and the need for vendors to be agile and transparent in disclosing vulnerabilities and releasing priority-based patches. 

Pattern #3: Supply chain attacks 

Ransomware groups are increasingly targeting supply chain networks to inflict major damage and cause widespread chaos. Just one compromise in the supply chain can snowball into the hijacking of complete system distributions across hundreds of victim networks. Last year, threat actors compromised supply chain networks via third-party applications, vendor-specific products, and open-source libraries. The takeaway: if you’re involved in a supply chain, additional vigilance and, again, risk-based, prioritized patching are essential.

Pattern #4: Ransomware-as-a-Service 

Ransomware-as-a-Service sounds like a parody, but it’s a real thing – and it’s on the rise. This business model involves ransomware developers offering their services, variants, kits or code to other malicious actors in return for payment. The sharing of ransomware services accelerates the spread of threats – and makes it more difficult to track down the threat’s origin.  

If this sounds like a lot of unpleasant news, that’s because it is a lot of unpleasant news. The upside: threat actors are getting bolder, but countermeasures are also advancing. A proactive, risk-based approach is becoming the must-have security posture for businesses of all sizes across a wide range of industries. Even better: automated patch intelligence means risk-based prioritization can happen even with the significant personnel shortage facing IT right now. Threat actors aren’t letting up, and we’re going to continue to see a rise in attacks. While that’s inevitable, it’s not inevitable that businesses continue to fall victim at the rates we’re witnessing now. The solution: prioritize. Patch. Automate. And do it now. 
