Ransomware attacks appear to dominate cyberspace. According to a report by Digital Shadows, ransomware families including Maze, Sodinokibi, Conti, and Netwalker were responsible for 80 percent of the alerts published between July and September.
Key highlights for Q3 2020
While many well-known ransomware operators now own data leak sites, some have also added DDoS attack capability to quickly extort money from the victims. Let’s review what most of the well-known ransomware families have been up to in Q3 2020.
- Conti and NetWalker ransomware accounted for 29% of alerts associated with ransomware dumpsites.
- Sodinokibi ransomware operators were seen recruiting more team members with good penetration testing skills.
- DoppelPaymer ransomware’s activity decreased; however, other ransomware groups were active.
- Seven data leak sites were created, signifying that cybercriminals are learning from ransomware families.
In recent weeks, many ransomware attacks have targeted various sectors including IT, healthcare, government, education, insurance, and transportation.
- Recently, Maze ransomware operators leaked about 9 GB of data stolen from Toledo Public Schools, and Montreal's public transport system, Société de transport de Montréal (STM), disclosed a ransomware attack on its network.
- Meanwhile, several other organizations recently revealed that they had been targeted by ransomware attacks, including IT giant Software AG, insurance firm Ardonagh Group, eResearchTechnology (a health tech firm testing coronavirus treatments), the City of Shafter, Springfield Public Schools, and a few more.
The report shows a growing trend in ransomware attacks, which are becoming more prominent and prevalent. Thus, experts suggest providing training around phishing lures and emails, applying security patches, and taking backups of corporate data. Furthermore, users should avoid downloading files or applications from untrustworthy sources.