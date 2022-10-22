Ransomware has grown by 466 per cent since 2019 and is increasingly being used as a precursor to physical war as seen in the Russia conflict in Ukraine and the Iran and Albania cyber war, according to the latest report.

The report by IT services and security firm Ivanti, which also announced the results of the Ransomware Index Report Q2-Q3 2022, also said that most IT and security teams lack a complete view of all the vulnerabilities that exist and sufficient threat context around those that pose the most risk.

Ransomware groups are continuing to grow in volume and sophistication with 35 vulnerabilities becoming associated with ransomware in the first three quarters of 2022 and 159 trending active exploits. Complicating matters, lack of sufficient data and threat context is making it hard for organizations to effectively patch their systems and efficiently mitigate vulnerability exposure, said the report.

Also Read | Small businesses in India at highest ransomware risk: Report

The report also identified two new ransomware vulnerabilities (CVE-2021-40539 and CVE-2022-26134), both of which were exploited by prolific ransomware families such as AvosLocker and Cerber either before or on the same day they were added to the National Vulnerability Database (NVD). These statistics emphasize that if organizations rely solely on NVD disclosure to patch vulnerabilities they will be susceptible to attacks.

“IT and security teams must urgently adopt a risk-based approach to vulnerability management to better defend against ransomware and other threats. This includes leveraging automation technologies that can correlate data from diverse sources (i.e., network scanners, internal and external vulnerability databases, and penetration tests), measure risk, provide early warning of weaponisation, predict attacks, and prioritize remediation activities,” Srinivas Mukkamala, Chief Product Officer at Ivanti.

The impact of ransomware on critical infrastructure, with the three worst-hit sectors being healthcare, energy, and critical manufacturing. The report revealed that 47.4 per cent of ransomware vulnerabilities affect healthcare systems, 31.6 per cent affect energy systems, and 21.1 per cent affect critical manufacturing.

The Ransomware Index Spotlight Report is based on data gathered from a variety of sources, including proprietary data from Ivanti and CSW, publicly available threat databases, and threat researchers and penetration testing teams said the statement from Ivanti.