According to new data, the number of victim companies impacted by double extortion has jumped from 229 by the first half of 2020 to nearly 2400 by the first half of 2021.
Something big is going on in the world of ransomware – it might be that organizations aren’t paying the ransom and are willing to risk the damage done with the publishing of stolen data. Or maybe it’s that cybercriminal groups are seeing the value in publishing some of the data and selling the rest to the highest bidder.
Regardless of the motivation, according to Group IB’s Hi-Tech Crime Trends 2021/2022 Corporansom report, the way the “business” of ransomware functions appears to be changing. According to the report:
- Most ransomware affiliate programs are private, meaning the affiliate must know the ransomware group personally. However, the number of public affiliate ransomware “programs” has grown in the last year by 23%. This means there’s more opportunity for everyone who wants to get in on the ransomware trend.
- The number of data leak sites has grown by 115% to 28 sites on the dark web, with the very first instance of a data leak site posting fake data about an attack.
- Manufacturing, Real Estate, and Transportation are the top 3 most attacked industries.
What’s also interesting (and doesn’t entirely add up) is that, according to Group IB, only 30% of organizations pay the ransom, and yet only 10% of attacked companies have their data published. I can only guess the number of orgs paying the ransom is underreported, or cybercriminals are finding other ways to monetize the stolen data (despite orgs not paying the ransom).
According to Group IB, the number of ransomware victims and data leak sites will continue to grow. So, the only good recourse is a solid defense that stops ransomware attacks from succeeding. A layered defense that includes Security Awareness Training is critical to ensure users don’t fall for the phishing attacks used as the initial attack vector.