- I opened up a cheap 600W charger to test its build, and found 'goo' inside
- How to negotiate like a pro: 4 secrets to success
- One of the cheapest Android tablets I've ever tested replaced my iPad with no sweat
- I use this cheap Android tablet more than my iPad Pro - and don't regret it
- The LG soundbar made my home audio sound like a theater - even though it's not the newest model
Ransomware Attacks Soared 150% in 2020
Ransomware surged by 150% in 2020 with the average extortion amount doubling, according to a new report from Group-IB.
The Singapore-based security firm analyzed over 500 attacks last year to compile its Ransomware Uncovered 2020-2021 report, which maps for the first time the most common tactics, techniques and procedures (TTPs) to the MITRE ATT&CK framework.
The average ransom demand stood at $170,000 last year, but groups like Maze, DoppelPaymer, and RagnarLocker averaged between $1 million and $2 million, it claimed.
This is because of their focus on “big-game hunting” — going after large and usually privately held organizations that are judged rich enough to pay large sums to avoid downtime. In fact, the average ransomware victim suffered 18 days of outages last year, which could have a chilling effect on revenue and reputation.
This is also why most of the attacks Group-IB studied were targeted at North America and Europe, where most Fortune 500 firms are located.
Even nation state groups like North Korea’s Lazarus and China’s APT27 have been getting involved, the report claimed.
However it was the Maze (20%), Egregor (15%) and Conti (15%) groups that accounted for most of the attacks analyzed by Group-IB.
The Ransomware-as-a-Service (RaaS) model accounted for the majority (64%) of attacks studied for this paper, and 15 new affiliate programs appeared in 2020.
Although the Maze group appeared to bow out in late 2020 while police managed to disrupt variants such as Egregor and Netwalker, new entrants to the market like Conti and DarkSide were also quick to appear during the year.
In a reflection of the shift to mass remote working during the pandemic, over half (52%) of attacks studied in the report used publicly accessible RDP servers to gain initial access, followed by phishing (29%) and exploitation of public-facing applications (17%).
Oleg Skulkin, senior digital forensics analyst at Group-IB, argued that going forward RaaS programs would continue to grow, with more cyber-criminals focusing their efforts on specific niches such as initial network access for resale and data exfiltration.
“The pandemic has catapulted ransomware into the threat landscape of every organization and has made it the face of cybercrime in 2020,” said Oleg Skulkin, senior digital forensics analyst at Group-IB. “From what used to be a rare practice and an end-user concern, ransomware has evolved last year into an organized multi-billion industry with competition within, market leaders, strategic alliances and various business models. This successful venture is only going to get bigger from here.”
