The number of ransomware attacks surged by 288% between the first and second quarters of 2021 as double extortion attempts grew, according to a new report by cyber and software resilience company NCC Group.
New data released by NCC Group’s Research Intelligence and Fusion Team (RIFT) has revealed that the number of ransomware attacks increased by 288% between January-March 2021 and April-June 2021, with organisations continuing to face waves of digital extortion in the form of targeted ransomware.
During the April-June 2021 quarter, 22% of ransomware data leaks were attributed to Conti ransomware, which often uses email phishing to gain remote access to a network via an employee’s device.
This was closely followed by Avaddon ransomware, which was linked to 17% of ransomware data leaks. While the victims of this ransomware strain have faced data encryption, the threat of data leaks and the wider risk of distributed denial of service attacks disrupting operations, the strain is now believed to be inactive.
One significant trend identified is the prevalence of ransomware gangs threatening to leak the stolen sensitive data of non-paying victims to damage organisational reputation. This additional pressure to force a pay-out is known as ‘double extortion’, a tactic increasingly used by threat actors.
This issue is affecting organisations around the world, with 49% of victims from known locations in the last three months based in the US, followed by 7% in France and 4% in Germany. One notable example is the Colonial Pipeline ransomware attack in June 2021, carried out by affiliates of the DarkSide ransomware. The attack resulted in the shutdown of oil supplies and fuel shortages across the US.
NCC Group global lead for threat intelligence Christo Butcher said, “We have seen targets range from IT companies and suppliers to financial institutions and critical national infrastructure providers, with ransomware-as-a-service increasingly being sold by ransomware gangs in a subscription model.
“It’s therefore crucial for organisations to be proactive about their resilience. This should include proactive remediation of security issues, and operating a least-privilege model, which means that if a user’s account is compromised, the attacker will only be able to access and/or destroy a limited amount of information.”