Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Companies are finding it harder to detect ransomware

Ransomware

Fewer and fewer organizations are detecting ransomware on their networks and their endpoints, but that doesn’t mean that there are fewer ransomware attacks happening around the world. 

In fact, the contrary might very well be true, a report from Fortinet claims. Its latest research found ransomware operators are growing more sophisticated, and more picky when it comes to choosing their targets. 

That makes them more successful and, at the same time, makes organizations detect these intrusions harder, with Fortinet finding just 13% of victim organizations discovered ransomware on their devices in the first half of the year - compared to 22% five years ago.

Ransomware as a service

This increase in sophistication comes from ransomware becoming more of a service, and less of a commodity. Threat actors are increasingly turning towards ransomware-as-a-service offers, in which a dedicated group develops and maintains the malware strain, while a separate group pays to use it. This gives developers more time to create more dangerous variants. As a result, the researchers documented “substantial spikes” in ransomware variant growth in recent years, it was said. 

On a longer timeframe, ransomware detections are declining. On a shorter timeframe, however, they continue to be volatile, the researchers further stated. In the first half of the year, there had been 13x more detections compared to the end of 2022. Year-on-year, it’s still a downtrend.

All of these threats came from roughly a third of all known advanced persistent threat (APT) groups. Fortinet says that out of 138 threat actors MITRE tracks, 41 were active in the first half of 2023, equaling roughly a third (30%). Of those, Turla, StrongPity, Winnti, OceanLotus, and WildNeutron were the most active.

Lately, ransomware operators have started ditching the encryption part of the attack, and focusing solely on stealing data and demanding ransom in exchange for keeping the data private. 

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.