Most ransomware attacks rely on exploiting older, unpatched vulnerabilities
Businesses should take a proactive approach to patch management, experts say
Ransomware attackers exploited a dozen new vulnerabilities in campaigns in Q3 2021, bringing the total number of vulnerabilities associated with ransomware to 278, claims a new report.
Compiled by cybersecurity vendor Ivanti, the report reveals that ransomware groups are continuing to grow in sophistication, boldness, and volume, with numbers up across the board since Q2 2021.
It tracked a 4.5% increase in CVEs associated with ransomware in Q3 2021 and a similar increase in actively exploited and trending vulnerabilities, as well as a 3.4% increase in ransomware families, compared to Q2 2021.
“Ransomware groups continue to mature their tactics, expand their attack arsenals, and target unpatched vulnerabilities across enterprise attack surfaces,” notes Srinivas Mukkamala, Senior Vice President of Security Products at Ivanti.
Attacking unpatched vulnerabilities
Of the 12 vulnerabilities newly associated with ransomware, five enable remote code execution attacks, and two can be used to exploit web applications and can be manipulated to launch denial-of-service attacks.
Importantly, the report also showed a 1.2% increase in older vulnerabilities tied to ransomware compared to the previous quarter, bringing the total count of older vulnerabilities associated with ransomware to 258.
This means that a staggering 92.4% of all vulnerabilities tied to ransomware are those that have already been patched.
In fact, Ivanti notes that in Q3 2021, the Cring ransomware group targeted two older vulnerabilities, namely CVE-2009-3960 and CVE-2010-2861, that have had patches for over a decade.
“It’s critical that organizations take a proactive, risk-based approach to patch management and leverage automation technologies to reduce the mean time to detect, discover, remediate, and respond to ransomware attacks and other cyber threats,” concludes Mukkamala.
With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.