SK Shieldus, has recently published the second-quarter 2024 KARA ransomware trend report.
The report points out an alarming increase in ransomware attacks both worldwide and specifically in South Korea.
Created by the Korean Anti Ransomware Alliance (KARA), offers valuable insights into the growing threats, particularly within the manufacturing sector.
The report states that there were 1,321 ransomware attacks recorded globally in Q2 2024, which is an 18% increase compared to the previous quarter.
There has been a substantial rise in ransomware incidents in South Korea, with 10 reported cases in the most recent quarter, compared to just one in the previous quarter.
Half of the South Korean cases were found in the manufacturing sector, which was seriously impacted.
The manufacturing industry is particularly attractive to ransomware groups because disruptions in production can cause massive losses, pushing companies to pay ransoms quickly.
Hackers often exploit weaker security in subsidiaries or subcontractors to gain access to critical systems.
The report highlights the ongoing evolution of ransomware attackers' strategies, despite global efforts to combat them.
It has become more common for hackers to exploit older, widely-known vulnerabilities in order to minimize the time and effort required to find new weaknesses.
In addition, they are using generative AI to improve their attacks and avoid being detected.
An interesting example mentioned in the report is the ‘RansomHub' group, known for creating ransomware using less common programming languages such as ‘GO.'
Security systems face challenges in detecting the malware due to the limited availability of analysis data.
The attackers go a step further by encrypting the configuration values required for execution, making it even more challenging to detect their activities.