Ransomware Attack Via Unpatched Vulnerabilities Are Brutal: New Survey

Adversaries use stolen credentials or exploit software vulnerabilities to gain access for ransomware attacks, which impacts the initial infection method.

The study surveyed IT professionals in small and mid-sized businesses hit by ransomware within the last year. 

They found that exploited vulnerabilities often lead to more severe attacks with higher costs, while compromised credentials might result in less damaging infections. They also identified the industries most impacted by these different entry points. 

Attacks using ransomware that take advantage of unpatched vulnerabilities are more damaging than attacks that use stolen credentials. 

Organizations hit by these attacks experienced higher rates of compromised backups, encrypted data, and ransom payments, which incurred significantly higher recovery costs and longer recovery times. 

While the reasons are not fully understood, it suggests attackers exploiting vulnerabilities may be more skilled, leading to a more comprehensive compromise by highlighting the importance of patching software to mitigate ransomware risks.

Ransomware Attacks Via Unpatched Vulnerabilities

Nearly a third of ransomware attacks exploit unpatched vulnerabilities, with the percentage varying by industry, while energy, oil, and gas are hit hardest (49% of attacks), likely due to reliance on older, more vulnerable technologies with limited patching options. 

Percentage of ransomware attacks that started with exploited vulnerability

Even when patches exist, over half (55%) of recent attacks involved known vulnerabilities like ProxyShell and Log4Shell, in which the risk of attacks also increases with organizational size as complex IT environments with a larger attack surface become harder to manage and patch effectively. 

An analysis by Sophos shows that ransomware attacks exploiting vulnerabilities are more damaging than those using stolen credentials.

The vulnerability exploit method resulted in worse outcomes in all three aspects – compromising backups, encrypting data, and receiving ransom payments. 

Attackers are just as likely to target backups in both methods but succeed more often (75% vs. 54%) when exploiting vulnerabilities, suggesting either higher attacker skill or weaker backup protection. 

Data encryption also rises significantly (67% vs. 43%) with vulnerability exploits, possibly due to attacker skill or overall weaker defenses, where organizations with encrypted data are more likely to pay the ransom (71% vs. 45%) when backups are compromised, highlighting the pressure to recover critical data. 

It has been found that ransomware attacks exploiting unpatched vulnerabilities are significantly more expensive and disruptive than those using stolen credentials.

While ransom amounts were similar, organizations were much less likely to have to pay the full ransom themselves when compromised credentials were the entry point. 

Full recovery took significantly longer (over a month for 45% of victims) and cost four times more ($3 million vs. $750K) when vulnerabilities were exploited, likely because patching vulnerabilities and restoring damaged systems is more complex than resetting compromised credentials. 

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Recent Posts

The Rise of AI-Generated Professional Headshots

It’s clear that a person’s reputation is increasingly influenced by their online presence, which spans…

9 hours ago

Hackers Abuse Google Ads To Attacking Graphic Design Professionals

Researchers identified a threat actor leveraging Google Search ads to target graphic design professionals, as…

12 hours ago

Hackers Using New IoT/OT Malware IOCONTROL To Control IP Cameras, Routers, PLCs, HMIs And Firewalls

Recent cyberattacks targeting critical infrastructure, including fuel management systems and water treatment facilities in Israel…

12 hours ago

Hackers Exploiting Apache Struts2 Vulnerability to Upload Malicious Payloads

Hackers have begun exploiting a newly discovered vulnerability in Apache Struts2, a widely used open-source…

12 hours ago

Hackers Weaponizing Microsoft Teams to Gain Remote Access

Recent cybersecurity research has uncovered a concerning trend where hackers are exploiting Microsoft Teams to…

13 hours ago

“Password Era is Ending,” Microsoft to Delete 1 Billion Passwords

Microsoft has announced that it is currently blocking an astounding 7,000 password attacks every second,…

2 days ago