Ransomware remains a growing and increasingly problematic threat to organizations across all industries. Posing a significant and increasing threat throughout 2021, ‘Big game hunter’ ransomware campaigns, orchestrated by highly sophisticated organized cybercriminal groups, continue to compromise and extort high-value ransoms from victim organizations. While statistics related to ransomware activity over the past year differ, all are consistent in identifying a week-on-week increase in attacks. The United States is one of the top targeted countries (Figure 1).
We witnessed an overall number of 2,845 ransomware cases this year, and found that the top three sectors hit by successful campaigns were the Industrial & Energy, Retail, and Finance sectors, respectively (Figure 2).
Conti most effective, with 599 successful campaigns, showing dominance in this sector, while Lockbit was right behind with “only” 545 successful campaigns (Figure 3).
Typically, major ransomware groups utilize ‘steal, encrypt and leak’ tactics, pressuring their victims into paying high-value ransoms to avoid exposure. These groups continue to evolve their tactics, techniques, and procedures (TTP), with new developments and recruitment, undoubtedly fueled by the enormous financial gains being made.
While the United States Department of the Treasury’s Office of Foreign Assets Control (OFAC) introduced sanctions against several ransomware threat actors in late 2020, prohibiting US-interests from making ransom payments to individuals or entities on the ‘Specially Designated Nationals and Blocked Persons List (SDN List)’, in addition to countries with other embargoes, these ransomware groups continue to operate and reap financial rewards.
With many ransomware attacks resulting in the widespread encryption of data and systems across victim networks, often leading to significant periods of downtime, unprotected victims may feel inclined to promptly pay ransoms, especially if covered by a cyber-insurance policy, to regain access to their data.