This was published by the Threat Intelligence Division Unit 42 of the information security company Palo Alto Networks reportaccording to which the segment of ransomware viruses has grown significantly in the past year.
According to Unit 42, a record number of organizations have been hit by ransomware attacks, and the number of organizations that have agreed to pay a ransom for data decryption has also increased. The attackers are setting new records thanks to the new practice of posting “leaked pages” on the dark web – even some of the publicly available data put additional pressure on the victims of the blackmail and force them to pay.
Based on last year’s cases, Unit 42 analysts calculated that the average ransom demanded by cybercriminals increased by 144% to $2.2 million, while the average actual payment increased by 78% to $540,000 retail, healthcare and manufacturing.
The most active last year was the Conti hacker group – they accounted for an average of more than one in five incidents dealt with by Unit 42 consultants, followed by the FSB-neutralized Revil group with 7.1% of incidents, and the third was shared by Hello Kitty and Phobos, whose “brands” appeared 4.8% of the time.
The Conti Group has published data on 511 leaked organizations on its website, which is also a record number. In addition, 35 new groups specializing in ransomware viruses have emerged in the past year. Some of the proceeds from illegal activities were used by attackers to develop new, easier-to-use cyberattack tools, and zero-day vulnerabilities were increasingly exploited.
The role of websites with leaks that put additional psychological pressure on victims in extortion schemes has increased sharply – data on 2566 organizations has been published. 60% of the victims were in the Americas, 31% in Europe, the Middle East and Africa, and another 9% in the Asia-Pacific region.