A new research report from cybersecurity firm Digital Shadows showed that in Q2 of 2021, over 700 organizations were hit by ransomware. The attacks led to leaks of sensitive data, huge financial losses for businesses, and fuel shortages, and prompted governments to take joint action against ransomware gangs.
Out of the almost 2,600 victims who were listed on ransomware data leak sites, over 700 victims were added in Q2 2021 alone – this is a 47% increase compared to Q1.
The report provides a detailed analysis of the events that occurred during the second quarter, including the attack on Colonial Pipeline and the rise of law enforcement agencies’ efforts against individuals involved in ransomware activities.
While traditional ransomware techniques remained the norm, new threats emerged, Digital Shadows’ Photon Research Team noted. One of these is double extortion, where a threat actor steals sensitive data before encrypting the victim’s servers and threatens to make it public unless a ransom is paid.
Digital Shadows has been tracking 31 Dark Web leak sites, monitoring how many groups have reported stealing data from victims in ransomware attacks. Attacks on industrial goods and services companies dominated the leak sites, according to the report. This was followed by construction and materials, retail, technology, and healthcare organizations.
Retail has seen the biggest uptick in ransomware attacks, with researchers at Digital Shadows estimating that the attacks grew by 183% between Q1 and Q2 of 2018.
The Conti group was the most active, followed by Avaddon, PYSA, and REvil.
“This is the second consecutive quarter that we have seen Conti as the most active in terms of victims named to their DLS. Conti, believed to be related to the Ryuk ransomware, has consistently and ruthlessly targeted organizations in critical sectors, including emergency services,” the report said, noting the group’s devastating attack on Ireland’s healthcare system.
In Q2, many of the major ransomware groups in the market suddenly ceased operations, fearing law enforcement action. But many new ones emerged from nowhere, too. Some of them, like Vice Society, Hive, Prometheus, LV Ransomware, Xing, and Grief, launched their own Dark Web leak sites.
The report also noted that 60% of the victims are based in the US. In Q2, over 350 US organizations were affected by ransomware, which is three times more than the total number of victims from France, the UK, and Italy combined.
“Ransomware operations will likely continue to operate brazenly into the third quarter of 2021, giving limited thought to who they are targeting and more to how much money they might make,” the researchers concluded.