Extortion demands climb 45% in 2021 on back of ransomware spread

The average ransom demand grew to $247,000 in 2021 according to research from Group-IB.

According to CyberNews, victim downtime increased from 18 days in 2020 to 22 days in 2021. The figures come from Group-IB's analysis of more than 700 ransomware attacks.

The group said that ransomware-as-a-service programs ‘started offering their affiliates not only ransomware builds, but also custom tools for data exfiltration to simplify and streamline operations’. This led the double extortion technique to become even more widespread – with cybercriminals exfiltrating victims’ data in 63% of the analysed cases.

During the first quarter of 2021 and 2022, over 3500 victims were listed on the data leak sites, with the US, Canada and the UK taking the biggest hits on 1655, 176 and 168 respectively.

Lockbit, Conti and Pysa were the most aggressive ransomware gangs, with 670, 640 and 186 victims respectively. The most common way to gain a foothold in the target network was found to be exploitation of public-facing Remote Desktop Protocol (RDP) servers.

Group-IB said, “In 2021, the attribution of ransomware attacks became increasingly complicated since many bots such as Emotet, Qakbot, and IcedID were being used by various threat actors, unlike in 2020, when certain commodity malware families had strong affiliation with specific ransomware gangs.

REvil affiliates leveraged zero-day vulnerabilities to attack Kaseya’s clients. BazarLoader, used in Ryuk operations, was distributed via vishing (voice phishing). Phishing emails contained information about “paid subscriptions”, which could allegedly be canceled by phone. During the call, the threat actors lured the victim to a fake website and gave instructions to download and open a weaponized document, which downloaded and ran BazarLoader.”

Copyright © 2022 RegTech Analyst
