Ransomware is experiencing a renaissance in 2023, with some cybersecurity firms reporting over 400 attacks in the month of March alone. And it shouldn’t be a surprise: the 2023 X-Force Threat Intelligence Index found backdoor deployments — malware providing remote access — as the top attacker action in 2022, and aptly predicted 2022’s backdoor failures would become 2023’s ransomware crisis.

Compounding the problem is the industrialization of the cybercrime ecosystem, which enables adversaries to complete more attacks, faster. From 2019 to 2021, the average time to complete a ransomware attack dropped 94%. In 2019, the average ransomware attack took over two months from initial access to ransomware deployment. Today it takes less than four days to execute an attack.

The X-Force Definitive Guide to Ransomware can help.

Threat actors continue to adjust their tactics, techniques, and procedures to evade detection. To stay ahead, we refresh the Guide annually to include the latest ransomware research, trends, and attack types. Originally developed in 2017 by my colleague Limor Kessem, who pulled me in as a coauthor, the Guide was intended to be a point-in-time document to address the surge in ransomware across geographies and industries.

A bit unexpectedly, the Guide rapidly became one of the hottest publications we do here at X-Force, garnering tens of thousands of downloads and generating a lot of conversation on social media (and several of you have asked how it got started, hence the history lesson!). Since then, we've refreshed it annually with current data on the evolution of ransomware, the types of ransomware attacks (including double and triple extortion), and details on each phase of incident response.


What’s new in the 2023 Definitive Guide to Ransomware

This year, we’ve pulled a handful of other X-Force brainiacs into the author mix — including some of our industry-leading intelligence and research experts — to make the Guide an even more robust and powerful tool in the quest to stay safer from ransomware.

In this year’s edition you’ll find:

  • The X-Force exclusive 5-stage ransomware attack framework, developed from real-life engagements combatting the threat
  • Fortified background on ransomware’s evolution in 2023
  • How to find X-Force proprietary research uncovering robust detection techniques that can help you discover and prevent ransomware on your network

Join the Definitive Guide to Ransomware webcast

If you have questions and want a deeper discussion about ransomware prevention, detection, and response techniques, join us for an interactive webcast, Top 5 Takeaways from the 2023 Definitive Guide to Ransomware, on Wednesday, June 21, at 11 a.m. EDT.

You can also learn how IBM X-Force can help you with incident response, threat intelligence, or offensive security services by scheduling a follow-up meeting here: IBM X-Force Scheduler.

If you are experiencing cybersecurity issues or an incident, contact X-Force to help: US hotline 1-888-241-9812 | Global hotline (+001) 312-212-8034.

Learn more about how to protect your organization with the new Definitive Guide to Ransomware.
