Ransomware surged by 150% in 2020 with the regular extortion total doubling, according to a new report from Group-IB.
The Singapore-centered security business analyzed about 500 attacks very last yr to compile its Ransomware Uncovered 2020-2021 report, which maps for the to start with time the most widespread strategies, strategies and processes (TTPs) to the MITRE ATT&CK framework.
The common ransom desire stood at $170,000 last yr, but groups like Maze, DoppelPaymer, and RagnarLocker averaged concerning $1 million and $2 million, it claimed.
This is for the reason that of their target on “big-activity hunting” — likely immediately after substantial and usually privately held companies that are judged abundant ample to pay massive sums to keep away from downtime. In simple fact, the common ransomware sufferer experienced 18 times of outages past calendar year, which could have a chilling influence on profits and track record.
This is also why most of the attacks Team-IB researched have been focused at North The united states and Europe, where by most Fortune 500 companies are situated.
Even country state groups like North Korea’s Lazarus and China’s APT27 have been having concerned, the report claimed.
However it was the Maze (20%), Egregor (15%) and Conti (15%) teams that accounted for most of the attacks analyzed by Group-IB.
The Ransomware-as-a-Provider (RaaS) model accounted for the bulk (64%) of attacks researched for this paper, and 15 new affiliate systems appeared in 2020.
Though the Maze group appeared to bow out in late 2020 although police managed to disrupt variants these kinds of as Egregor and Netwalker, new entrants to the industry like Conti and DarkSide have been also brief to appear all through the yr.
In a reflection of the shift to mass remote operating throughout the pandemic, in excess of fifty percent (52%) of assaults researched in the report utilised publicly accessible RDP servers to obtain initial accessibility, adopted by phishing (29%) and exploitation of public-dealing with apps (17%).
Oleg Skulkin, senior digital forensics analyst at Team-IB, argued that likely ahead RaaS systems would keep on to expand, with far more cyber-criminals focusing their efforts on certain niches these as original network obtain for resale and information exfiltration.
“The pandemic has catapulted ransomware into the menace landscape of every business and has made it the facial area of cybercrime in 2020,” reported Oleg Skulkin, senior electronic forensics analyst at Group-IB. “From what employed to be a rare observe and an end-person problem, ransomware has progressed very last yr into an organized multi-billion industry with competitiveness within, market place leaders, strategic alliances and many business styles. This prosperous venture is only likely to get even larger from listed here.”