Ransomware is experiencing a renaissance in 2023, with some cybersecurity firms reporting over 400 attacks in the month of March alone. And it shouldn’t be a surprise: the 2023 X-Force Threat Intelligence Index found backdoor deployments — malware providing remote access — as the top attacker action in 2022, and aptly predicted 2022’s backdoor failures would become 2023’s ransomware crisis.

Compounding the problem is the industrialization of the cybercrime ecosystem, which enables adversaries to complete more attacks, faster. From 2019 to 2021, the average time to complete a ransomware attack dropped 94%. In 2019, the average ransomware attack took over two months from initial access to ransomware deployment. Today it takes less than four days to execute an attack.

The X-Force Definitive Guide to Ransomware can help.

Threat actors continue to adjust their tactics, techniques, and procedures to evade detection. To stay ahead, we refresh the Guide annually to include the latest ransomware research, trends, and attack types. Originally developed in 2017 by my colleague Limor Kessem, who pulled me in as a coauthor, the Guide was intended to be a point-in-time document to address the surge in ransomware across geographies and industries.

A bit unexpectedly, the Guide rapidly became one of the hottest publications we do here at X-Force, garnering tens of thousands of downloads and generating a lot of conversation on social media (and several of you have asked how it got started, hence the history lesson!). With that, we’ve refreshed it annually with current data on the evolution of ransomware, the types of ransomware attacks (including double and triple extortion), and details on each phase of incident response.


What’s new in the 2023 Definitive Guide to Ransomware

This year, we’ve pulled a handful of other X-Force brainiacs into the author mix — including some of our industry-leading intelligence and research experts — to make the Guide an even more robust and powerful tool in the quest to stay safer from ransomware.

In this year’s edition you’ll find:

  • The X-Force exclusive 5-stage ransomware attack framework, developed from real-life engagements combatting the threat
  • Fortified background on ransomware’s evolution in 2023
  • How to find X-Force proprietary research uncovering robust detection techniques that can help you discover and prevent ransomware on your network

Join the Definitive Guide to Ransomware webcast

If you have questions and want a deeper discussion about ransomware prevention, detection, and response techniques, join us for an interactive webcast, Top 5 Takeaways from the 2023 Definitive Guide to Ransomware, on Wednesday, June 21, at 11 a.m. EDT.

You can also learn how IBM X-Force can help you with incident response, threat intelligence, or offensive security services by scheduling a follow-up meeting here: IBM X-Force Scheduler.

If you are experiencing cybersecurity issues or an incident, contact X-Force to help: US hotline 1-888-241-9812 | Global hotline (+001) 312-212-8034.

Learn more about how to protect your organization with the new Definitive Guide to Ransomware.
