A new report from Digital Shadow highlights the worrying information that the number of ransomware victims named on data leak sites increased by 47% compared to Q1 of 2021.
Ransomware victims were posted on dark web data leak sites
In Q2 of 2021, over 700 organizations were hit by ransomware attacks and had their private data exposed on data leak sites, according to cybersecurity firm Digital Shadow’s new research report.
Out of the total number of almost 2,600 victims posted on such sites, 740 of them were listed during Q2, which is 47% more than in the first quarter of 2021.
Ransomware attacks follow new trends
But these weren’t the only concerning discoveries that the research team made. Digital Shadows’ Photon Research Team also uncovered that other ransomware trends were emerging. For example, double extortion strategies have grown popular among hackers seeking to inflict as much damage as possible after attacks since the Maze ransomware organization helped bring the data leak site idea into vogue.
Digital Shadows traced the data back to 31 dark web sites. These sites contain information regarding how many organizations are currently stealing data during ransomware attacks and posting it online.
According to dark web leak sites, companies in the industrial goods and services sector are apparently the main focus of attackers. Other heavily targeted sectors are construction and materials, retail, technology, and healthcare institutions.
However, according to Digital Shadows’ researchers, the retail sector seems to be highly sought after by hackers, seeing an astonishing 183% increase in ransomware attacks between Q1 and Q2.
In terms of activity, the top four hacking groups were Conti, Avaddon, PYSA, and REvil.
“This is the second consecutive quarter that we have seen Conti as the most active in terms of victims named to their DLS. Conti, believed to be related to the Ryuk ransomware, has consistently and ruthlessly targeted organizations in critical sectors, including emergency services,” the report said, highlighting the group’s devastating attack on Ireland’s healthcare system.
The report also states that cybercriminals groups either disappeared or emerged out of nowhere on the broader ransomware market. For example, in Q2, Avaddon, Babuk Locker, DarkSide, and Astro Locker ransomware groups all shut down operations. In contrast, groups such as Vice Society, Hive, Prometheus, LV Ransomware, Xing, and Grief ransomware operations emerged with their own Dark Web leak sites, according to Digital Shadows.
Digital Shadows’ report also shows that 60% of the victims listed on data leak sites are organizations located in the US, with only Canada seeing a slight decrease in ransomware attacks from Q1 to Q2.
Things are not looking so good for the US, as more than 350 US companies were compromised by ransomware in the second quarter of this year, followed by 46 from France, 39 from the UK, and 35 from Italy.
The researchers behind the report questioned whether Q3 would see more attacks resembling the Kaseya ransomware attack, where REvil operators used a zero-day vulnerability to compromise more than 40 Managed Service Providers.
“Ransomware operations will likely continue to operate brazenly into the third quarter of 2021, giving limited thought to who they are targeting and more to how much money they might make,” the researchers stated.
As threats never cease to evolve, and chances are they could hit your company at any moment, why postpone training and educating your employees on the online dangers?