Ransomware Report: Through the Lens of Threat and Vulnerability Management

Index Update Q2-Q3 2022

The Q2-Q3 index update provides a look into the current ransomware ecosystem, along with our insights and early warning predictions of highly targeted attack vectors. 

Ransomware groups are continuing to grow in volume and sophistication with 35 vulnerabilities becoming associated with ransomware in the first three quarters of 2022 and 159 trending active exploits.  Lack of sufficient data and threat context is making it hard for organizations to effectively patch their systems and efficiently mitigate vulnerability exposure.

Key Findings:

  1. Ransomware vulnerabilities continue to grow with 13 new additions.

  2. The MITRE ATT&CK kill chain exists for 57 ransomware vulnerabilities.

  3. Popular scanners have blindspots

  4. Three more APT groups started using ransomware

  5. Ransomware vulnerabilities affecting multiple vendor products

  6. Ransomware vulnerabilities excluded from the CISA KEV catalog

  7. New weakness categories are contributing vulnerabilities to ransomware attackers


Access the Report