Decoding CISA Known Exploited Vulnerabilities

Ransomware

Through the lens of Threat and Vulnerability Management

Ransomware Report 2022

An Index Report covering updates, trends, predictions, and more from Q2 and Q3 2022

ransomware report image

Key Insights

Ransomware-Q3-LP-2

More vulnerabilities adopted by attackers

CSW’s experts continue to track the adoption of dangerous vulnerabilities by ransomware operators.

In this index report, we update the key, tracked ransomware metrics.

57 ransomware vulnerabilities have complete kill chain

Our experts mapped all 323 ransomware vulnerabilities to the MITRE ATT&CK kill chain and found that 57 of these could be used end-to-end to infiltrate and breach organizations.

Ransomware-Q3-LP-4

Ransomware Key Index Numbers for Q3 2022

13

Vulnerabilities with new ransomware associations

159

Ransomware vulnerabilities targeted by hackers to mount attacks

03

Advanced Persistent Threat groups using ransomware

18

Ransomware vulnerabilities missed by popular scanners

114

Ransomware vulnerabilities affecting 706 unique products

124

Ransomware vulnerabilities excluded from the CISA KEV catalog

Ransomware-Q3-LP-2

Critical infrastructure sectors are at risk!

This quarter, our experts provide insights about critical infrastructure sectors and the vulnerabilities that make them susceptible to ransomware. Learn how ransomware can potentially disrupt operations in each sector and its devastating impact.

Predictive Insights, Trends, and More…

In this report, find the top 10 ransomware vulnerabilities red-flagged by our Threat Intelligence platform with a high likelihood of exploitation.

Check out predictive trends and future threats to watch out for.

Ransomware-Q3-LP-4

Ransomware

Through the lens of Threat and Vulnerability Management

Index Update report Q2 and Q3

Actionable insights, accurate intel, and predictive trends to keep you safe from ransomeware threats!

ransomware report image

Ransomware Assessment

Sign up for a complimentary ransomware attack surface assessment and get a consultation with our experts.

Download Previous Reports

ransomwarebookthree

Ransomware Index Update Q1 2022

Download Now
ransomwarebookthree

Ransomware Spotlight Report 2022

Ransomware Index Update for Q3 provides the latest ransomware trends, and the new groups, vulnerabilities and weaknesses tied to ransomware. Understand what vulnerabilities offer the greatest threat and stay protected.

Download Now
ransomwarebookthree

Ransomware Index Update Q3 2021

Ransomware Index Update for Q3 provides the latest ransomware trends, and the new groups, vulnerabilities and weaknesses tied to ransomware. Understand what vulnerabilities offer the greatest threat and stay protected.

Download Now
ransomwarebookthree

Ransomware Index Update Q2 2021

Ransomware index update for Q2 looks at new vulnerabilities tied to ransomware, new exploits, APT Groups, and Ransomware families. Build resilience to defend your ecosystem from crippling ransomware attacks.

Download Now
ransomwarebookthree

Ransomware Index Update Q1 2021

Ransomware index update for Q1 2021 brings new vulnerabilities, exploits, APT Groups and Ransomware families that have become active in the first quarter of 2021. Get updated insights about this evolving threat and know your exposure to it.

Download Now

Blogs

May 12, 2022
All About Conti
#CyberSecurity
All About Conti
May 12, 2022 | Surojoy Gupta
Feb 4, 2022
CSW Analysis: Top Scanners Missed Vulnerabilities Tied to Ransomware in 2021
#CyberSecurity
CSW Analysis: Top Scanners Missed Vulnerabilities Tied to Ransomware in 2021
Feb 4, 2022 | Pavithra Shankar
May 19, 2022
CISA Releases a Directive Asking Organizations to Patch Known Exploited Vulnerabilities
#CyberSecurity
CISA Releases a Directive Asking Organizations to Patch Known Exploited Vulnerabilities
May 19, 2022 | Surojoy Gupta
May 19, 2022
Top Scanners Fail to Flag DHS CISA-warned KEVs
#CyberSecurity
Top Scanners Fail to Flag DHS CISA-warned KEVs
May 19, 2022 | Pavithra Shankar
May 5, 2022
Pegasus Spyware Snoops On Political Figures Worldwide
#CyberSecurity
Pegasus Spyware Snoops On Political Figures Worldwide
May 5, 2022 | Surojoy Gupta
Mar 10, 2022
Cyberwar Bulletin 1: Russia & Ukraine
#CyberSecurity
Cyberwar Bulletin 1: Russia & Ukraine
Mar 10, 2022 | Sumeetha, Priya
Mar 16, 2022
Cyberwar Bulletin 2: Are you ready for this cyberwar?
#CyberSecurity
Cyberwar Bulletin 2: Are you ready for this cyberwar?
Mar 16, 2022 | Sumeetha, Priya
Aug 19, 2021
Accenture attacked by LockBit 2.0 Ransomware
#CyberSecurity
Accenture attacked by LockBit 2.0 Ransomware
Aug 19, 2021 | Sumeetha, Surojoy
May 25, 2022
20 Percent of CVEs Listed in CISA’s Latest Directive have Ransomware Associations
#CyberSecurity
20 Percent of CVEs Listed in CISA’s Latest Directive have Ransomware Associations
May 25, 2022 | Surojoy Gupta
August 21, 2021
Darkside Ransomware: Further Threat Associations Unearthed
#CyberSecurity
Darkside Ransomware: Further Threat Associations Unearthed
August 21, 2021 | Priya Ravindran
July 12, 2021
Kaseya VSA Downed by REvil in Monumental Supply-Chain Attack
#CyberSecurity
Kaseya VSA Downed by REvil in Monumental Supply-Chain Attack
July 12, 2021 | Surojoy, Priya
June 16, 2021
REvil Brings Down JBS - the World’s Largest Meat Packer
#CyberSecurity
REvil Brings Down JBS - the World’s Largest Meat Packer
June 16, 2021 | Sumeetha
April 05, 2022
All About Qlocker
#CyberSecurity
All About Qlocker
April 05, 2022 | Priya Ravindran
May 18, 2021
Darkside: The Ransomware that brought a US pipeline to a halt
#CyberSecurity
Darkside: The Ransomware that brought a US pipeline to a halt
May 18, 2021 | Sumeetha
Apr 16, 2021
All about Ryuk
#CyberSecurity
All about Ryuk
Apr 16, 2021 | Sumeetha

Media Coverage

May 19, 2022
Ransomware Vulnerabilities Spike by 7.6% in Q1 2022
#Ransomware
Ransomware Vulnerabilities Spike by 7.6% in Q1 2022
May 19, 2022 | AiTechpark
May 19, 2022
Prioritize patching vulnerabilities associated with ransomware
#Ransomware
Prioritize patching vulnerabilities associated with ransomware
May 19, 2022 | Help Net Security
May 19, 2022
Ransomware gangs rely more on weaponizing vulnerabilities
#Ransomware
Ransomware gangs rely more on weaponizing vulnerabilities
May 19, 2022 | Bleeping Computers
May 19, 2022
Ransomware vulnerabilities increase as Russia-linked activity surges
#Ransomware
Ransomware vulnerabilities increase as Russia-linked activity surges
May 19, 2022 | Beta News
May 19, 2022
CSW Releases Q1 2022 Ransomware Report
#Ransomware
CSW Releases Q1 2022 Ransomware Report
May 19, 2022 | Industry Today
May 18, 2022
Ransomware Groups Continue to Leverage Old Vulnerabilities
#Ransomware
Ransomware Groups Continue to Leverage Old Vulnerabilities
May 18, 2022 | Health IT Security
May 18, 2022
Ransomware Vulnerabilities Spike by 7.6% in Q1 2022
#Ransomware
Ransomware Vulnerabilities Spike by 7.6% in Q1 2022
May 18, 2022 | VM Blog
May 20, 2022
The True Danger for Organizations: Unpatched Vulnerabilities
#Ransomware
The True Danger for Organizations: Unpatched Vulnerabilities
May 20, 2022 | Security Boulevard
Jun 03, 2022
CSW: Attackers Weaponize Vulnerabilities Days After..
#Ransomware
CSW: Attackers Weaponize Vulnerabilities Days After..
Jun 03, 2022 | SDX Central
May 18, 2022
Q1 2022 Ransomware Report Reveals 7.6% Increase in Vulnerabilities Tied to Ransomware
#Ransomware
Q1 2022 Ransomware Report Reveals 7.6% Increase in Vulnerabilities Tied to Ransomware
May 18, 2022 | BusinessWire
Apr 11, 2022
Managing Ransomware in 2022
#Ransomware
Managing Ransomware in 2022
Apr 11, 2022 | IT Social
Jan 26, 2022
Cybersecurity’s challenge for 2022 is defeating weaponized ransomware
#Ransomware
Cybersecurity’s challenge for 2022 is defeating weaponized ransomware
Jan 26, 2022 | Venture Beat
Jan 26, 2022
Ransomware 2021 Year End Report Reveals Hackers are Increasingly Targeting Zero-Day Vulnerabilities and Supply Chain Networks
#Ransomware
Ransomware 2021 Year End Report Reveals Hackers are Increasingly Targeting Zero-Day Vulnerabilities and Supply Chain Networks
Jan 26, 2022 | Bloomberg
Jan 26, 2022
Ivanti report finds 32 new ransomware families in 2021
#Ransomware
Ivanti report finds 32 new ransomware families in 2021
Jan 26, 2022 | SiliconANGLE
Jan 26, 2022
Ransomware Spotlight Year End 2021 Report (Ivanti)
#Ransomware
Ransomware Spotlight Year End 2021 Report (Ivanti)
Jan 26, 2022 | The Cyberwire
Jan 26, 2022
Ransomware 2021 Year End Report Reveals Hackers are Increasingly Targeting Zero-Day Vulnerabilities and Supply Chain Networks for Maximum Impact
#Ransomware
Ransomware 2021 Year End Report Reveals Hackers are Increasingly Targeting Zero-Day Vulnerabilities and Supply Chain Networks for Maximum Impact
Jan 26, 2022 | Yahoo Finance
Jan 26, 2022
Hackers continue to target zero-day vulnerabilities
#Ransomware
Hackers continue to target zero-day vulnerabilities
Jan 26, 2022 | BetaNews
Feb 8, 2022
New Ransomware Report Reveals Hackers Are Increasingly Targeting Zero-Day Vulnerabilities and the Supply Chain
#Ransomware
New Ransomware Report Reveals Hackers Are Increasingly Targeting Zero-Day Vulnerabilities and the Supply Chain
Feb 8, 2022 | Direct Industry
Jan 29, 2022
32 new ransomware families in 2021, a 26 per cent YoY increase: Report
#Ransomware
32 new ransomware families in 2021, a 26 per cent YoY increase: Report
Jan 29, 2022 | The Hindu
Jan 28, 2022
Hackers are Increasingly Targeting Zero-Day Vulnerabilities and Supply Chain Net .. Read more at: https://cio.economictimes.indiatimes.com/news/digital-security/hackers-are-increasingly-targeting-zero-day-vulnerabilities-and-supply-chain-networks-for-maximum-impact-states-report/89175933
#Ransomware
Hackers are Increasingly Targeting Zero-Day Vulnerabilities and Supply Chain Net .. Read more at: https://cio.economictimes.indiatimes.com/news/digital-security/hackers-are-increasingly-targeting-zero-day-vulnerabilities-and-supply-chain-networks-for-maximum-impact-states-report/89175933
Jan 28, 2022 | CIO, Economic Times
Jan 28, 2022
Ransomware families becoming more sophisticated with newer attack methods
#Ransomware
Ransomware families becoming more sophisticated with newer attack methods
Jan 28, 2022 | Help Net Security
Jan 28, 2022
Ransomware 2021 Year End Report Reveals Hackers are Increasingly Targeting Zero-Day Vulnerabilities and Supply Chain Networks for Maximum Impact
#Ransomware
Ransomware 2021 Year End Report Reveals Hackers are Increasingly Targeting Zero-Day Vulnerabilities and Supply Chain Networks for Maximum Impact
Jan 28, 2022 | BusinessWire
Jan 28, 2022
Hackers are targeting unpatched systems, supply chain networks: Report
#Ransomware
Hackers are targeting unpatched systems, supply chain networks: Report
Jan 28, 2022 | The New Indian Express
Jan 27, 2022
Ransomware groups target zero-day weakness, networks
#Ransomware
Ransomware groups target zero-day weakness, networks
Jan 27, 2022 | Tech Herald
Jan 27, 2022
Hackers Targeting Zero-Day Vulnerabilities and Supply Chain Networks: Report Read more at: https://www.cxotoday.com/press-release/ransomware-2021-year-end-report-reveals-hackers-are-increasingly-targeting-zero-day-vulnerabilities-and-supply-chain-networks-for-maximum-impact/
#Ransomware
Hackers Targeting Zero-Day Vulnerabilities and Supply Chain Networks: Report Read more at: https://www.cxotoday.com/press-release/ransomware-2021-year-end-report-reveals-hackers-are-increasingly-targeting-zero-day-vulnerabilities-and-supply-chain-networks-for-maximum-impact/
Jan 27, 2022 | CXO Today