Saturday, July 6, 2024

Why MFA failures are driving a 500% increase in ransomware losses


The cybersecurity threat landscape is seeing a dramatic increase in the average ransomware payout, up by more than 500%. Sophos, a global leader in cybersecurity, revealed in its annual report, “The State of Ransomware 2024,” that the average ransom payment increased 500% in the past year: organizations that paid the ransom paid $2 million on average, up from $400,000 in the 2023 report. Additionally, RISK & INSURANCE, a leading insurance media outlet, recently reported that the median ransom demand soared from $1.4 million in 2022 to $20 million in 2023, with median payments surging from $335,000 in 2022 to $6.5 million in 2023, an increase of well over 500%.

This spike reflects both the growing sophistication of cyberattacks and the weaknesses inherent in outdated security methods. The most significant factor contributing to the trend is widespread reliance on 20-year-old multi-factor authentication (MFA) designs, which have proven inadequate against modern attacks. At the same time, generative AI has enabled cybercriminals to produce highly convincing phishing messages that even well-trained users struggle to detect. In this article, we explore why average ransomware payouts are skyrocketing, the shortcomings of legacy MFA, and the need for next-generation, phishing-resistant MFA.

Three Factors Driving Increase in Ransomware Payments

Cybercriminals are choosing their targets carefully

Cybercriminals have reworked their tactics to focus on identifying and crippling organizations for which an outage is most costly, and which can therefore afford to pay the highest ransoms. Examples include MGM’s roughly $100 million loss, Change Healthcare’s loss of over $1 billion, and CDK Global’s still-undetermined losses. Cybercriminals understand this economic math and use it to demand exorbitant amounts, knowing that victims will likely comply to minimize their losses. For the victim it is a simple, if painful, business decision.

Using generative AI in phishing attacks

Generative AI has changed the way cybercriminals craft phishing emails. These tools generate highly convincing, personalized phishing messages that are free of the grammatical and spelling errors users have been taught to look for and that are difficult to distinguish from legitimate communications. By analyzing large amounts of public data, generative AI can mimic writing styles, construct believable scenarios, and target specific individuals, complete with accurate branding and contextually relevant details that convincingly imitate trusted senders. Organizations that rely on employee awareness training as their primary defense are seeing diminishing returns on that investment.


Outdated security measures

Multi-factor authentication (MFA) has been a mainstay of enterprise access control for decades, designed to better protect corporate networks by requiring more than one form of verification. However, traditional MFA factors such as knowledge-based authentication (KBA), one-time passwords (OTP) delivered by SMS or email, and code-generating authenticator apps were designed 20 years ago and are increasingly inadequate against modern attacks. Their common weakness is that the second factor is a secret the user can be tricked into handing over, or a session artifact that can be stolen after login. Traditional MFA is routinely bypassed in successful ransomware intrusions, typically in the following ways:

  • Phishing attacks: Attackers use fake login pages and social engineering to trick users into entering their password and OTP code, or into approving a push notification, on a site the attacker controls.
  • SIM swapping: Attackers convince a mobile operator to transfer the victim’s phone number to a SIM card they control and then receive the victim’s SMS-based MFA codes.
  • Adversary-in-the-middle (AitM) attacks: A reverse-proxy phishing site relays the victim’s login to the real service in real time, forwarding the password and OTP code within their validity window and capturing the authenticated session cookie the service returns.
  • Malware: Malicious software on a user’s device captures authentication tokens, passwords, or keystrokes, allowing attackers to circumvent MFA.
  • Other social engineering: Attackers call or message the user (often posing as the helpdesk) to obtain an MFA code, or bombard the user with push prompts until one is approved.
  • Session hijacking: An attacker obtains an active session token (via XSS, CSRF, session fixation, or an info-stealer) and uses it to bypass MFA. Once they have the session token, they can impersonate the user without needing to re-authenticate.
  • Abusing the account recovery process: Attackers exploit weak identity verification in the account recovery or device re-enrollment process to reset a user’s MFA settings, bypassing MFA entirely.

Why Implement Next Generation MFA?

To effectively combat the tsunami of ransomware attacks, organizations should adopt next-generation MFA that is phishing-resistant. These solutions bind the authentication to the device and to the site being logged into, and typically combine that with a biometric (e.g., fingerprint or facial recognition) or PIN to unlock the credential, so there is no code for the user to hand over and nothing for a phishing site to relay. This is increasingly important given that Verizon’s Data Breach Investigations Report (DBIR) consistently finds that a majority of breaches involve compromised credentials, and the Cybersecurity and Infrastructure Security Agency (CISA), a DHS agency, reports that more than 90% of successful cyberattacks begin with a phishing email.
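The following is an added example, not code from the original article or from any vendor it describes. It demonstrates the two points made above: a real-time phishing proxy (the AitM bullet) defeats a TOTP code because the server cannot tell where the code was typed, while an origin-bound challenge/response in the style of FIDO2/WebAuthn fails when relayed because the browser includes the phishing site's origin in the signed data. The TOTP code follows RFC 6238 and RFC 4226; the "authenticator" is a deliberately simplified stand-in that uses an HMAC over (challenge, origin) with a per-credential secret in place of a real public-key signature, and all origins, keys and timestamps are constructed for the demonstration.

```python
"""
Added example: why an AitM phishing proxy beats TOTP but not an origin-bound
credential. The WebAuthn-style parts are a simplified stand-in (HMAC instead of
a public-key signature); origins, keys and times are constructed for the demo.
"""
import hashlib
import hmac
import secrets
import struct


# ---------- Legacy factor: TOTP (RFC 6238 on top of RFC 4226 HOTP) ----------

def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(key: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """TOTP is HOTP over the number of elapsed 30-second steps."""
    return hotp(key, unix_time // step, digits)


class TotpService:
    """Server accepting password + TOTP. It has no idea where the code was typed."""

    def __init__(self, seed: bytes):
        self.seed = seed

    def login(self, code: str, now: int) -> bool:
        # Accepts the current step only; real servers also allow +/- one step of skew.
        return hmac.compare_digest(code, totp(self.seed, now))


def aitm_phish_totp(seed: bytes, now: int) -> bool:
    """Victim reads the code from their app and types it into the phishing page;
    the proxy forwards it to the real service inside the 30 s window. Succeeds."""
    service = TotpService(seed)
    code_typed_by_victim = totp(seed, now)
    return service.login(code_typed_by_victim, now)   # relayed unchanged


# ---------- Phishing-resistant factor: origin-bound challenge/response ----------

class Authenticator:
    """Stand-in for a FIDO2 authenticator: the secret never leaves this object and is
    only used, after the user unlocks it (biometric/PIN), to answer a challenge for the
    origin the browser reports. Real devices sign with a private key instead of HMAC."""

    def __init__(self) -> None:
        self.secret = secrets.token_bytes(32)

    def assertion(self, challenge: bytes, origin_seen_by_browser: str) -> tuple[str, bytes]:
        # As in WebAuthn clientDataJSON, the origin is part of the authenticated payload.
        payload = challenge + origin_seen_by_browser.encode()
        return origin_seen_by_browser, hmac.new(self.secret, payload, hashlib.sha256).digest()


class WebAuthnRelyingParty:
    RP_ORIGIN = "https://login.example"   # constructed origin for the demo

    def __init__(self, authenticator: Authenticator) -> None:
        # Registration: the RP stores the verifying key (here the shared HMAC secret).
        self.verifier_key = authenticator.secret

    def challenge(self) -> bytes:
        return secrets.token_bytes(32)

    def verify(self, challenge: bytes, origin: str, sig: bytes) -> bool:
        if origin != self.RP_ORIGIN:          # check 1: produced for OUR origin?
            return False
        expected = hmac.new(self.verifier_key, challenge + origin.encode(),
                            hashlib.sha256).digest()
        return hmac.compare_digest(expected, sig)   # check 2: covers our challenge?


def legitimate_webauthn_login() -> bool:
    auth = Authenticator()
    rp = WebAuthnRelyingParty(auth)
    ch = rp.challenge()
    origin, sig = auth.assertion(ch, rp.RP_ORIGIN)
    return rp.verify(ch, origin, sig)


def aitm_phish_webauthn(tamper_origin: bool = False) -> bool:
    """Same proxy trick: attacker fetches a genuine challenge, shows it to the victim on
    https://login-example.evil (constructed), relays the answer. The browser fills in the
    phishing origin, so the RP rejects it; rewriting the origin field breaks the MAC."""
    auth = Authenticator()
    rp = WebAuthnRelyingParty(auth)
    ch = rp.challenge()
    origin, sig = auth.assertion(ch, "https://login-example.evil")
    if tamper_origin:
        origin = rp.RP_ORIGIN              # attacker edits the field before relaying
    return rp.verify(ch, origin, sig)


if __name__ == "__main__":
    seed = b"12345678901234567890"         # RFC 6238 SHA-1 test key
    print("TOTP phished via AitM proxy:", aitm_phish_totp(seed, now=1_700_000_000))
    print("Origin-bound legit login:", legitimate_webauthn_login())
    print("Origin-bound phished via AitM:", aitm_phish_webauthn())
    print("Origin-bound, origin rewritten:", aitm_phish_webauthn(tamper_origin=True))
```

The contrast is the whole argument for phishing-resistant MFA: `TotpService.login` has only a six-digit string to judge, so a relayed code is accepted, whereas `WebAuthnRelyingParty.verify` rejects an assertion made for any origin but its own, and the attacker cannot fix the origin field because the credential secret they would need never left the user's device.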

The Importance of Biometric Authentication

Biometric authentication leverages unique physical attributes of authorized users, such as fingerprints, facial features, or other characteristics that are extremely difficult to forge or steal. Biometrics play a key role in the next generation of multi-factor authentication (MFA) because of several advantages and unique properties:

  • Unlike passwords or tokens, biometric characteristics are unique to each individual and extremely difficult to clone or steal.
  • Because biometric data is inherently linked to an individual, it cannot be shared, written down, or handed to a caller posing as the helpdesk, reducing the risk of credential theft.
  • Biometric authentication helps eliminate poor password practices and reduces the risks associated with weak, reused, or compromised passwords, which remain a common attack vector.
  • Biometrics are not susceptible to phishing because there is no code to capture or type into a fake website.
  • Biometric authentication reduces fraud by verifying that the person accessing a system is in fact who they claim to be, preventing identity theft and unauthorized access.

One caveat a practitioner will want to keep in mind: these advantages hold when the biometric is verified on the user’s device and used to unlock a device-bound, origin-bound credential (as in FIDO2/WebAuthn), so that the fingerprint or face template never leaves the device. A biometric template transmitted to and stored on a server becomes just another secret that can be stolen and, unlike a password, cannot be rotated.

User convenience is key

Biometric authentication improves the user experience by providing a quick, seamless authentication process that requires just a scan or touch – no passwords to remember or dongles to lose – reducing friction for users and minimizing errors, lockouts and helpdesk calls.

  • If an MFA solution is easy to use, more users are likely to adopt it. A complex or cumbersome process will discourage users from engaging with and supporting your organization’s security efforts.
  • If MFA is seamlessly integrated into their daily work, users are more likely to follow security protocols and use MFA consistently.
  • A simplified MFA process reduces the chance of user error, such as mistyping a code or misplacing a token, which reduces lockouts and support requests, saving your organization time and resources.
  • Convenient MFA contributes to positive sentiment toward your security policies and your IT department: Satisfied employees are more likely to embrace security measures.
  • A quick and easy authentication process ensures that employees can access the resources they need without unnecessary delays, helping to maintain productivity levels.

In summary, user convenience of an MFA solution is essential to ensure high adoption rates, reduce errors and support costs, strengthen security, maintain productivity, and improve overall user satisfaction. Balancing security and usability helps organizations create an effective, user-friendly security environment.

Choosing the right MFA solution

Selecting the right phishing-resistant next-gen MFA solution requires careful consideration of an organization’s unique requirements. Factors to consider include supported authentication factor types, integration capabilities, ease of use, and scalability. Organizations should confirm that a product is phishing-resistant in the sense CISA uses the term, meaning FIDO/WebAuthn or PKI-based (smart card) authentication rather than OTP codes or push approvals with a biometric bolted on, and should choose a solution that balances security, ease of use, and flexibility.

Implementing Next Generation MFA should be done in stages to minimize disruption and ensure a smooth transition. This phased approach allows for thorough testing and user adoption.

The cybersecurity landscape is constantly evolving, and so must an organization’s security posture. Continuous monitoring and regular updates are essential to maintaining the effectiveness of anti-phishing and next-generation MFA solutions. Organizations must establish a framework for continuous security assessments, system updates, and threat intelligence integration to stay ahead of new threats.

Conclusion

The sudden increase in ransomware payments is a clear indication that the cyber threat landscape is evolving and that improved security measures are urgently needed. The deficiencies of 20-year-old legacy MFA systems are a major driver of this alarming trend. As cyber attacks become increasingly sophisticated, especially using generative AI to create highly convincing phishing messages, organizations must move away from outdated security practices and embrace next-generation MFA technology. By adopting advanced authentication methods, implementing adaptive security measures, and ensuring seamless integration with security infrastructure, organizations can significantly strengthen their defenses against ransomware attacks. Moving to phishing-resistant next-generation MFA is more than just a technology upgrade. It is a strategic imperative to protect critical data, reduce the risk of devastating financial losses, and ensure operational resilience in the face of growing cyber threats. In the fight against ransomware, the message is clear: legacy MFA systems are no longer enough.
