Researchers say ransomware gangs are now frequently leaking stolen data of their victims. Since 2019, more than 2,100 companies had their data leaked across various data leak sites. One obvious reason for this trend is that many ransomware gangs are increasingly picking up the double extortion tactic to pressurize their victim organizations.
What’s going on?
A security researcher who goes by the name of DarkTracer had been tracking the data leak sites for thirty-four ransomware gangs. According to them, ransomware gangs have leaked data of 2,103 organizations so far.
- Some of the gangs tracked by the researcher include Team Snatch, Nefilim, Maze, Conti, DoppelPaymer, NetWalker, Nemty, Sekhmet, AKO, Sodinokibi, Ragnar Locker, Pysa, Suncrypt, and DarkSide.
- In all of the operations, the top five active operations belonged to Conti (338 leaks), followed by Sodinokibi (222 leaks), DoppelPaymer (200 leaks), Avaddon (123 leaks), and Pysa (103 leaks).
- In addition, two ransomware groups that are no longer active and had more leaks than some of those in the top five are Maze (266 leaks) and Egregor (206 leaks).
Recent ransomware reports
Ransomware operations are booming since last year and the COVID-19 pandemic added extra fuel. Several cybersecurity firms have recently disclosed their findings on ransomware operations.
- According to Sophos, around 37% of organizations were hit by ransomware in the last year and the average ransom paid by small and mid-sized organizations was around $170,404.
- The 2021 Unit 42 Ransomware Threat Report revealed that the average ransom paid for organizations increased from $115,123 in 2019 to $312,493 in 2020, a record 171% increase.
Conclusion
The data leak-based extortion model is now becoming a significant money-making strategy for ransomware gangs. With prominent players already in the game, many more cybercriminals are expected to follow suit in the future. In such circumstances, a proactive defense strategy is possibly the best way for organizations to prevent or stop any such ransomware attack.
Publisher
/https://cyware-ent.s3.amazonaws.com/image_bank/shutterstock_387500767.jpg)
/https://cyware-ent.s3.amazonaws.com/image_bank/shutterstock_166214930.jpg)
