In 2020, ransomware operators resorted to a double ransomware strategy, in which attackers steal victims’ unencrypted files and then threaten to publish them if the ransom is not paid. Using data collected through automated channels, Digital Shadows recorded 550 double ransomware reports on data breach sites supported by more than a dozen ransomware groups.
Ransomware is now the standard approach for monetizing compromised companies, experts say. As discovered by experts from CrowdStrike, more than half of all the actions of its customers were aimed at eliminating the consequences of the attacks of programs-extortionists. The number of companies annually exposed to ransomware attacks remains stable – 51% of enterprises admitted to being attacked by ransomware in the last year. Three quarters of these attacks successfully encrypt some of the victim’s data.
The experts also noted that 66% of all ransomware notifications came from organizations and companies in North America.
According to Digital Shadows’ Q3 2020 Cyber Threats Report, Maze operators accounted for a third of all ransomware attacks recorded. In October last year, the group ended its criminal activities, and Maze partners switched to using ransomware called Egregor. Presumably, Egregor is the same software as Maze and Sekhmet in that they use the same ransom notes, the same payment site names, and have most of the same code. Egregor accounted for a third of ransomware attacks in the last quarter of 2020, including attacks on Barnes & Noble , game maker Ubisoft and Epicor Software.
Digital Shadows monitors data breach sites that ransomware groups use to publish stolen information. Six Maze, Egregor, Conti, Sodinokibi, DoppelPaymer and Netwalker accounted for 84% of hacks in 2020, according to the company.