The Number Of Double-Extortion Ransomware Victims Sees Massive 935% Increase In 2021

by | December 23, 2021 | Cybersecurity News

A jaw-dropping three-digit spike in the number of companies hit with double-extortion ransomware attacks, most likely due to easy access to corporate networks and RaaS tools, is a matter of concern, researchers warn.

The Double-Extortion Method Used In Ransomware Hits Fuels Massive Increase In Damages

Experts found that weak corporate security controls and the expanding ransomware-as-a-service (RaaS) affiliate market are to blame for the ransomware business booming in recent years.

Getting access to compromised networks is cheap, and every cybercrook wannabe can infiltrate them with the help of initial-access brokers or RaaS tools.

The grim conclusions are according to findings from Group-IB’s Hi-Tech Crime Trends Report 2021/2022, which details the concerning figures behind what the analysis calls an “unholy alliance” between ransomware actors and corporate-access brokers. Experts found that the lethal combo has fueled a staggering 935% spike in the number of companies that had fallen victim to double-extortion ransomware attacks and had their stolen data published on data leak sites.

Ransomware gangs have been increasingly adopting the double-extortion strategy. The method involves the attacker stealing an organization’s data and threatening to expose it unless the ransom is paid. The report found that the trend is gaining traction among cybercriminals.

Getting Initial Access Is Piece Of Cake

Over the course of 2020, Group-IB discovered a significant growth (from 85 to 229) in the number of active initial-access brokers. In addition, researchers found that the number of offers selling access has tripled (from 362 to 1,099).

The double-extortion method has caused damages to jump to 935% this year.
Credit: Group-IB

“Poor corporate cyber-risk management combined with the fact that tools for conducting attacks against corporate networks are widely available both contributed to a record-breaking rise in the number of initial access brokers,” the analysis wrote.

The report also spotted 21 new RaaS affiliate programs and 28 data leak sites over the past year.

The Data Leak Threat

Over the first three quarters of this year, 47% more stolen corporate data ended up exposed on ransomware operators’ leak websites than during all of 2020, according to the report. However, the report warns companies that paying up is no guarantee the data won’t be published anyway.

“In practice, however, victims can still find their data on the DLS even if the ransom is paid,” the report noted.

To add to an already grim landscape, the actual number of victims is likely larger than detected: “Taking into account that cybercriminals release data relating to only about 10 percent of their victims, the actual number of ransomware attack victims is likely to be dozens more,” the report said. “The share of companies that pay the ransom is estimated at 30 percent.”

The Conti ransomware group is responsible for leaking data on approximately 361 victims and for around 16.5% of the total stolen data published on data leak sires in 2021.

Group-IB found that the majority of double-extortion victims were in the U.S. (968), followed by Canada (110) and France (103). The most heavily targeted industries were manufacturing, education, financial services, healthcare, and e-commerce.

Credit: Group-IB

Phishing Attack Affiliate Boom

As if the ransomware threat wasn’t enough, the affiliate market for phishing scams is also growing. Group-IB spotted over 70 new programs that appeared in 2020, reporting that these scammers caused losses worth around $10 million last year.

“Phishing and scam affiliate programs actively use Telegram bots that provide participants with ready-to-use scam and phishing pages,” the report explained. “This helps scale phishing campaigns and tailor them to banks, popular email services, and other organizations.”

Protect Your Business With ATTACK Simulator

If you’re a business owner, bear in mind that ransomware has evolved into a significant threat to organizations of all sizes. And with more ransomware creators adopting the RaaS model, we can only expect it to get worse.

You can successfully defend your business partly by training your employees on cybersecurity matters and especially phishing attacks, and partly by adopting more rigorous security measures, such as implementing multi-factor authentication and user behavior analytics.

Most ransomware attacks have one thing in common: their infectious vector – phishing emails.

ATTACK Simulator’s Security Awareness Training program will help you equip your employees with the necessary security knowledge and up-to-date security practices to keep your company safe from scammers and avoid potentially irreparable damage.

Put your employees to the test with our free security awareness training trial and find out where you stand against a phishing attack!


Threatpost ‘Double-Extortion’ Ransomware Damage Skyrockets 935%

GROUP-IB Ransomware, carding, and initial access brokers: Group-IB presents report on trending crimes


Photo by Mackenzie Marco on Unsplash

by Diana Panduru

Content writer for Attack Simulator. Passionate about all things writing and cybersecurity, and obsessed with driving. I sometimes indulge in pencil drawing, poetry, and cooking for fun.

There’s no reason to postpone training your employees

Get a quote based on your organization’s needs and start building a strong cyber security infrastructure today.