This massive increase in the number of victim organizations being named demonstrates the harsh reality of how far ransomware threat actors will actually go if ransoms aren’t paid.
No organizations wants to be a victim of ransomware. And, if an attack does happen, even less organizations want the news to get out. But with ransomware threat actors using double extortion tactics – by encrypting data and threatening to release stolen data – and even engaging in triple extortion, the upper hand seems to be going to the cybercriminals.
New data from cybersecurity vendor Digital Shadows indicates a 47% growth in the number of victim organizations being outed on data leak sites in the second quarter of this year, when compared with Q1.
The largest industry impacted is Industrial Goods & Services, with the United States the prominent leader by a factor of at least 7 over the next country in the list.
Digital Shadows thinks with the success of the newsworthy attacks we’ve all seen in the last few months on well-known companies in the Industrial, Manufacturing, and Tech sectors, these selective attacks will continue, hitting companies that simply cannot afford to either be down or have their good name tarnished with a successful ransomware attack.
With organizations being considered “big game” for ransomware threat actors that have access to world-class Ransomware-as-a-Service and Initial Access Brokers (who sell compromised accounts and access to company networks), it’s only going to be easier and easier for more “wanna be” threat actors to get into the game with a material degree of efficacy.
Having a defense in place that includes Security Awareness Training to stop phishing-based initial attacks is critical now more than ever. By educating users continually, any email or web-based malicious content can be easily identified and avoided, before the threat actor gets control.