Double Extortion Ransomware Victims Soar 935%

Researchers have recorded a 935% year-on-year increase in double extortion attacks, with data from over 2300 companies posted onto ransomware extortion sites.

Group-IB’s Hi-Tech Crime Trends 2021/2022 report covers the period from the second half of 2020 to the first half of 2021.

During that time, an “unholy alliance” of initial access brokers and ransomware-as-a-service (RaaS) affiliate programs has led to a surge in breaches, it claimed.

In total, the number of breach victims on ransomware data leak sites surged from 229 in the previous reporting period to 2371, Group-IB noted. During the same period, the number of leak sites more than doubled to 28, and the number of RaaS affiliates increased 19%, with 21 new groups discovered.

Group-IB warned that, even if victim organizations pay the ransom, their data often end up on these sites.

Conti was said to be the most aggressive ransomware group, leaking data on 361 victims (16.5%), followed by Lockbit (251), Avaddon (164), REvil (155) and Pysa (118).

The initial access broker landscape has also matured significantly over the past year. Group-IB claimed to have discovered 229 new players in the market, with the total now standing at 262. The number of offers on underground sites to sell access to companies almost tripled, from 362 to 1,099.

The number of sectors impacted by such threats also surged from 20 to 35. Those most affected were manufacturing (9%), education (9%), financial services (9%), healthcare (7%), and commerce (7%). The US (30%) was most frequently targeted, followed by France (5%) and the UK (4%).

Elsewhere, cyber-criminals participating in phishing and scam affiliate programs pocketed a total of at least $10m over the period, while the carding market shrank by 26%, from $1.9bn to $1.4bn.
