Double extortion ransomware increases by 935 percent

Instances of ‘double extortion’ ransomware attacks have seen a 935 percent year-on-year increase, according to research published by Group-IB. 

The company’s Hi-Tech Crime Trends 2021/2022 report, which covers the latter half of 2020 and the first half of 2021, also found that data from over 2,300 companies was posted onto ransomware extortion sites in that period. 

‘Double extortion’ ransomware is when the threat actors not only demand a ransom be paid to decrypt files and systems, but also to stop the leaking of files stolen during the attack. 

The surge in breaches, the researchers claim, is down to an alliance of initial access brokers and ransomware-as-a-service (RaaS) affiliate programs. 

The number of RaaS affiliate groups increased by 19 percent, with 21 new groups discovered. Similarly, the amount of initial access brokers also grew. In the past year, Group-IB claims to have observed a huge increase in new players in this market, growing from 33 to a massive 262. The sale of access to companies on underground sites almost tripled in frequency, from 362 to 1,099. 

The total number of breach victims on ransomware data leak sites was over 10 times larger than in the previous reporting period, surging from 229 to 2,371. Even if victims pay the demanded ransom, their data still often end up on these sites. 

The Conti ransomware group was most culpable for leaking victim’s data, with 361 victim’s data available (16.5 percent). This was followed by Lockbit (251), Avaddon (164), REvil (155) and Pysa (118). 

Group-IB’s report also found an increase in sectors impacted by ransomware, from 20 to 35. Education, manufacturing, and financial services were the most affected (9 percent each), followed by healthcare and commerce (both 7 percent). 

In terms of location, companies in the United States were targeted most often (30 percent), with the UK (4 percent) just behind France (5 percent) for targeting frequency. 

The frequency of ransomware attacks continues to surge, with new attacks reported almost every day. You can learn more about this trend here. You can also learn how to protect yourself from ransomware here. 

Other details released in the report showed that partner programs for phishing and scams are also thriving, with there now more than 70 affiliate programs that pocketed those involved at least £7.5 million in total. 

The carding market, on the other hand, saw a decrease in value of 26 percent to around £1 billion. The sale of bank card text data (card numbers, expiration dates, CVV etc.), however, soared dramatically by 36 percent from 28 million records to 38 million. 

Through Securiwiser’s cybersecurity assessment service, vulnerabilities in the digital presence of your business can be identified. This can help you stay secure from cyberthreats such as ransomware. Try it for free today.