The average ransomware group only lives for two years

security
(Image credit: Shutterstock / binarydesign)

Ransomware groups are something of a Phoenix - they live short lives, burn out quickly, but are often reborn and come back stronger and more destructive.

A new IBM Security report claims the average ransomware group “lives” less than two years - 17 months, on average, in fact. This is, in part, due to increasing pressure from governments and law enforcement agencies, which have successfully dismantled some of the biggest threat actors in the ransomware space, in these past couple of years.

However, IBM Security’s data suggests that many of these groups could go into hiatus, rebrand, build entirely new infrastructure from scratch, using all of the previous experience, and than come back stronger and even more destructive.

TechRadar needs you!

We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time. Thank you for taking part.

>> Click here to start the survey in a new window <<

Transforming with ease

According to the report, that’s hardly an issue for these groups, as they’ve gathered enough resources from their previous operations to successfully fund any change. 

Elsewhere in the report, the researchers are saying ransomware operators were mostly targeting manufacturing organizations. The Covid-19 pandemic has put tremendous pressure on the supply chain, something many threat actors were acutely aware of.

As a result, almost a quarter of all cyberattacks happening globally, were against manufacturers.

What’s more, in Asia, the foundation of many of the world’s supply chains, manufacturing was one of the top-attacked industries. 

All of this leads IBM’s researchers to believe that ransomware groups won’t be going anywhere, any time soon, and that the efforts to eliminate them, while commendable, probably won’t suffice. That’s why businesses need to protect themselves, by updating their disaster recovery plans, refreshing their resilience strategies, training their employees to spot phishing and social engineering attacks, and keeping their hardware and software up to date. 

Having an antivirus and a firewall will not keep most threat actors at bay, as their attacks against employees have grown frighteningly sophisticated. Deploying a zero-trust strategy and staying vigilant is the best way forward, experts are saying.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.