The growing threat of ransomware has been highlighted by NCC Group's Research Intelligence and Fusion Team (RIFT) analysis. Between January-March 2021 and April-June 2021, the number of ransomware assaults studied by the team climbed by 288%, indicating that enterprises are still facing waves of digital extortion in the form of targeted ransomware.
The rise of the "triple extortion" ransomware technique whereby attackers, in addition to stealing sensitive data and threatening to release it publicly unless a payment is made, also target the organization's customers, vendors, or business partners in the same way, has fuelled the increase in attacks.
Conti ransomware, which commonly employs email phishing to remote into a network via an employee's device, was responsible for 22% of ransomware data leaks studied between April and June. The Avaddon ransomware, which was linked to 17% of ransomware data leaks, was just behind it. While victims of this ransomware strain faced data encryption, the potential of data breaches, and the larger risk of DDoS attacks disrupting operations, the ransomware strain is now thought to be dormant.
In addition to the substantial increase in ransomware assaults, organizations have seen a 29% of cyber-attacks worldwide, with the largest growth rates in the Europe Middle East and Africa (EMEA) area and America, at 36% and 24%, respectively. While the Asia-Pacific (APAC) region witnessed only a 13% increase in attacks, it had the highest number of weekly cyber intrusions at 1,338. The weekly number for EMEA was 777, while the weekly number for America was 688.
This issue is hurting organizations all over the world, with the United States accounting for 49% of victims with known locations in the last three months, followed by France at 7% and Germany at 4%. The Colonial Pipeline ransomware attack in June, which was carried out by DarkSide ransomware affiliates, is one significant case. Oil supplies were disrupted, and there were fuel shortages across the United States as a result of the strike.
Christo Butcher, global lead for threat intelligence at NCC Group, said: “Over the years, ransomware has become a significant threat to organizations and governments alike. We’ve seen targets range from IT companies and suppliers to financial institutions and critical national infrastructure providers, with ransomware-as-a-service increasingly being sold by ransomware gangs in a subscription model.”
“It’s therefore crucial for organizations to be proactive about their resilience. This should include proactive remediation of security issues, and operating a least-privilege model, which means that if a user’s account is compromised, the attacker will only be able to access and/or destroy a limited amount of information,” he added.
