Threefold increase in targeted ransomware attacks in 2021
Analysis from NCC Group's Research Intelligence and Fusion Team (RIFT) has highlighted the growing threat of ransomware around the world.
The number of ransomware attacks analysed by the team has increased by 288% between January-March 2021 and April-June 2021, with organisations continuing to face waves of digital extortion in the form of targeted ransomware.
According to the research, 22% of ransomware data leaks analysed between April and June were attributed to Conti ransomware, which often uses email phishing to remote into a network via an employees device. This was closely followed by Avaddon ransomware, which was linked to 17% of ransomware data leaks.
While the victims of this ransomware strain have faced data encryption, the threat of data leaks, and the wider risk of distributed denial of service (DDoS) attacks disrupting operations, the strain is now believed to be inactive.
One significant trend identified by NCC Group is the prevalent issue of ransomware gangs threatening to leak the stolen sensitive data of non-paying victims to damage organisational reputation. This additional pressure to force a pay out is known as double extortion, which is an increasing tactic used by threat actors.
NCC Group says this issue is affecting organisations around the world, with 49% of victims with known locations in the last three months based in the United States, followed by 7% in France and 4% in Germany.
One notable example is the Colonial Pipeline ransomware attack in June, carried out by affiliates of the DarkSide ransomware. The attack resulted in the shutdown of oil supplies and fuel shortages across the United States.
Over the years, ransomware has become a significant threat to organisations and governments alike," says Christo Butcher, global lead for threat intelligence at NCC Group.
"We have seen targets range from IT companies and suppliers to financial institutions and critical national infrastructure providers, with ransomware-as-a-service increasingly being sold by ransomware gangs in a subscription model," he says.
"It is therefore crucial for organisations to be proactive about their resilience," Butcher says.
"This should include proactive remediation of security issues, and operating a least-privilege model, which means that if a users account is compromised, the attacker will only be able to access and/or destroy a limited amount of information."
NCC Group is an information assurance firm headquartered in Manchester, United Kingdom. Its service areas cover software escrow and verification, cyber security consulting and managed services. NCC Group claims over 15,000 clients worldwide.