740 Ransomware Victims Listed On Data Leak Sites in Q2 2021, New Report Shows

July 26, 2021 | Cybersecurity News

A new report from Digital Shadows highlights a worrying trend: the number of ransomware victims named on data leak sites increased by 47% compared to Q1 of 2021.

Ransomware victims were posted on dark web data leak sites

In Q2 of 2021, over 700 organizations were hit by ransomware attacks and had their private data exposed on data leak sites, according to cybersecurity firm Digital Shadows’ new research report.

Out of the total number of almost 2,600 victims posted on such sites, 740 of them were listed during Q2, which is 47% more than in the first quarter of 2021.

The report contains data on the quarter’s major incidents, including the attacks on fuel provider Colonial Pipeline and global meat processor JBS.

But these weren’t the only concerning discoveries the research team made. Digital Shadows’ Photon Research Team also found that other ransomware trends were emerging. For example, since the Maze ransomware organization helped bring the data leak site idea into vogue, double extortion strategies have grown popular among hackers seeking to inflict as much damage as possible after attacks.

Digital Shadows traced the data back to 31 dark web sites. These sites indicate how many ransomware organizations are currently stealing data during attacks and posting it online.

According to dark web leak sites, companies in the industrial goods and services sector are apparently the main focus of attackers. Other heavily targeted sectors are construction and materials, retail, technology, and healthcare institutions.

However, according to Digital Shadows’ researchers, the retail sector seems to be highly sought after by hackers, seeing an astonishing 183% increase in ransomware attacks between Q1 and Q2.

In terms of activity, the top four hacking groups were Conti, Avaddon, PYSA, and REvil.

“This is the second consecutive quarter that we have seen Conti as the most active in terms of victims named to their DLS. Conti, believed to be related to the Ryuk ransomware, has consistently and ruthlessly targeted organizations in critical sectors, including emergency services,” the report said, highlighting the group’s devastating attack on Ireland’s healthcare system.

The report also states that cybercriminal groups either disappeared from or emerged out of nowhere on the broader ransomware market. For example, in Q2, the Avaddon, Babuk Locker, DarkSide, and Astro Locker ransomware groups all shut down operations. In contrast, groups such as Vice Society, Hive, Prometheus, LV Ransomware, Xing, and Grief emerged with their own dark web leak sites, according to Digital Shadows.

Digital Shadows’ report also shows that 60% of the victims listed on data leak sites are organizations located in the US, with only Canada seeing a slight decrease in ransomware attacks from Q1 to Q2.

Things are not looking so good for the US, as more than 350 US companies were compromised by ransomware in the second quarter of this year, followed by 46 from France, 39 from the UK, and 35 from Italy.

The researchers behind the report questioned whether Q3 would see more attacks resembling the Kaseya ransomware attack, where REvil operators used a zero-day vulnerability to compromise more than 40 Managed Service Providers. 

“Ransomware operations will likely continue to operate brazenly into the third quarter of 2021, giving limited thought to who they are targeting and more to how much money they might make,” the researchers stated.

As threats never cease to evolve, and chances are they could hit your company at any moment, why postpone training and educating your employees on the online dangers?

Attack Simulator’s Security Awareness Training program is the perfect solution for your business. So don’t waste another minute and get your quote here.


ZDNet www.zdnet.com/740-ransomware-victims-named-on-data-leak-sites


Feature Image: Photo by Alexander Sinn on Unsplash

by Diana Panduru

Content writer for Attack Simulator. Passionate about all things writing and cybersecurity, and obsessed with driving. I sometimes indulge in pencil drawing, poetry, and cooking for fun.
