FAQ from the webinar on Cy-Xplorer 2023 report

Looking to navigate the menace of cyber extortion (Cy-X) attacks?

Watch the recording of our webinar to learn about the latest Cy-X trends, patterns, and threat actors behind these alarming crimes. Diana Selck-Paulsson, Lead Security Researcher; Vincent Hinderer, Cyber Threat Intelligence Team Leader; and Charl van der Walt, Head of Security Research, share data and insight from our new Cy-Xplorer 2023 report, the number one source for leading insight on Cy-X. Don't miss out on this opportunity to learn from our experts.

Frequently asked questions

What’s the difference between Cy-X and ransomware attacks?

Cy-X is a broader definition that describes the crime of using computer hacking to take something from the victim and then extort a ransom from them. Ransomware is a mechanism to facilitate cyber extortion where attackers encrypt files or lock systems and demand a ransom for their release.

If 75% of countries are impacted by cyber extortion incidents, how do the remaining 25% safeguard themselves from attacks? What are the geographical locations of these countries?

The threat of Cy-X attacks previously impacted countries in proportion to the number of registered organizations; however, this trend is changing. As governments in larger Western countries are now more proactively addressing attacks, threat actors are increasingly targeting countries whose local governments have fewer measures in place.

As a result, there has been a 42% year-on-year increase in attacks in Southeast Asia, with Indonesia, Singapore, Thailand, the Philippines, and Malaysia most affected, followed by the Nordics (+40%), and Latin America (+32%). At the same time, we have seen a decrease in victims in regions such as the United States (-21%), Canada (-28%) and Europe (-2%), which make up the 25% of countries less impacted due to their tougher government measures.

What’s the reason for the 8% reduction in cyber extortion in 2022?

One potential explanation for the 8% decrease in attacks in 2022 could be the ongoing war in Ukraine. After the Conti group aligned with Russia, the Cy-X criminal ecosystem underwent a transformation shifting from predominantly financial motivations to being more driven by a political agenda. Another reason for the decrease could be that several criminal operations were shut down last year.

Despite the detection capabilities of Windows Defender and antivirus programs against most ransomware Trojan malware, how do individuals still fall victim, even when they have these defenses in place?

Antivirus programs and security defenses like Windows Defender play a crucial role in protecting against ransomware, but detecting attacks is an ongoing game of cat-and-mouse. Threat actors continuously evolve their tools and techniques and often use the 'Living off the Land' strategy, that is, they employ standard, existing IT tools in their attack to avoid detection. They only need to 'get lucky' and find a security weakness once to achieve a successful compromise.

Based on your research, have you been able to identify the beneficiaries of cryptocurrencies in connection to ransomware attacks?

Ongoing efforts are being made to identify the recipients of cryptocurrencies in connection with ransomware, and several technologies and services have emerged that enable tracking, but criminals are adept at laundering money and hiding trails, which makes it challenging.

Law enforcement agencies worldwide are also making significant attempts to force exchangers to obtain more customer information and share this intelligence with them. If they don’t, they run the risk of being investigated and taken down if they’re seen to be facilitating crime. 

Does the level of security assurance differ between having your services on-premise or in the cloud when it comes to dealing with ransomware?

It depends. The decision between hosting in the cloud or on-premise depends on various factors. Since ransomware involves extortion, where attackers take something valuable and offer it back in exchange for a ransom, you need to assess whether you can manage without your data if it is stolen, deleted, or made inaccessible, and whether you have the right backup solutions in place to recover quickly. These are crucial considerations when evaluating the security benefits of hosting in the cloud versus on-premise.

If a company or database is hit with a ransomware attack, is the only viable option to restore a previous backup?

While restoring from a previous backup is often a recommended course of action in response to a ransomware attack, it is not the only potential option available. The appropriate response depends on various factors, including the severity of the attack, the extent of data or system compromise, and the organization's specific circumstances.

Can you detect any attacker's use of advanced AI/ML, such as Generative AI? If undetectable, what impact would you expect from General Artificial Intelligence (GAI)?

We've been applying ML in all kinds of use cases defensively for several years now and we anticipate that's going to accelerate dramatically. Most cyber attacks require a watering hole or phishing email, for example, and this needs to be produced in believable language. Generative AI gives attackers the ability to pretend to be native speakers of a language, particularly native English speakers.

What is the estimated potential increase in Cy-X attacks with the explosive growth of generative AI/Large Language Model (LLM)?

We can't provide specific numbers but we can assume that LLMs will enable criminals to improve their email and website 'lures', and produce new ones more quickly. In addition, and perhaps more importantly, tools like LLMs and translation engines may enable criminals from a wider set of countries to target businesses worldwide, by helping them overcome the language barrier.
