The number of ransomware attacks increased 288% between the first and second quarters of this year as double extortion attempts increased, according to the latest data from cybersecurity firm NCC Group.
Based on analysis of incidents handled by the Research Intelligence and Fusion Team (RIFT) team over the course of this year, the company claims that nearly a quarter (22%) of data leaks in the second quarter came from the Conti ransomware group. Conti typically gains initial network access to victims’ organizations through phishing emails.
According to RIFT researchers, next came Avaddon, which was responsible for 17% of incidents, although this variant is now considered inactive.
Unsurprisingly, nearly half (49%) of victims with known locations in the second quarter were in the United States, followed by 7% in France and 4% in Germany.
“We’ve seen targets ranging from businesses and IT vendors to financial institutions and critical infrastructure providers, with ransomware-as-a-service increasingly being sold by ransomware gangs on a subscription model,” said Christo Butcher, global leader of threat intelligence at the NCC Group, to Infosecurity.
According to him, it is crucial that organizations are proactive about their resilience. “This should include proactively fixing security issues and operating a least-privilege model, which means that if a user’s account is compromised, the attacker will only be able to access or destroy a limited amount of information.”
According to Group-IB data, ransomware attacks grew 150% year-on-year in 2020, with the average amount of extortion doubling. However, it is difficult to get an accurate, vendor-neutral picture of how threats are developing over time. Coveware, for example, claims that despite the increase in media coverage since the Colonial Pipeline incident, “in reality, the volume and severity of ransomware attacks were extreme, but relatively stable – for at least 18 months” .