Barracuda Networks Inc., a cloud-first security solutions provider, has revealed that nearly half (44%) of foiled ransomware attacks were detected during the lateral movement stage, according to their latest Threat Spotlight on ransomware.
The report, which analyzes trends over the past year, highlights the importance of monitoring this phase to intercept attacks before they fully materialize.
The study, which reviewed 200 reported ransomware incidents between August 2023 and July 2024, shows that lateral movement — where attackers navigate through a network to gain access to additional systems — remains a critical indicator of an ongoing ransomware attack. Barracuda also noted that 25% of incidents were detected when attackers attempted to write or edit files, while 14% were caught due to behaviors that deviated from known patterns.
These findings underline the evolving tactics of ransomware groups and the need for robust detection systems. The research spanned 37 countries, including major economies like Australia, China, Japan, and the Philippines, and covered 36 different ransomware groups.
Healthcare organizations were particularly targeted, accounting for 21% of attacks, up from 18% the previous year. The manufacturing sector followed with 15%, and technology companies with 13%. Notably, attacks on educational institutions dropped significantly, representing just 9% of incidents compared to 18% last year.
“Ransomware-for-rent attacks can be hard to detect and contain,” said Adam Khan, VP, of Global Security Operations at Barracuda Networks. “Fortunately, there are tried and tested approaches that most attackers rely on, such as scanning, lateral movement, and malware download. These can trigger security alerts that provide security teams with several opportunities to detect, contain, and mitigate ransomware incidents before they have a chance to fully unfold. This is particularly important in IT environments where not all machines are completely secured.”