A New Report Shows that 6 Ransomware Gangs Impacted More than 290 Companies in 2021
The Attacks We See in the News Are Only a Small Piece of the Real Number of Victims, According to the Report.
Ransomware attacks, a form of malicious software that targets victims’ computers limiting access until they pay a ransom, have seen an excruciating increase in cybercrime in 2021.
A new study conducted by a Canadian cybersecurity enterprise shows that in the last few months, approximately 300 organizations have been affected by 6 ransomware gangs.
Ireland’s Health Service Executive, French insurance company AXA, the largest fuel pipeline operator in the U.S, and chemical distribution company Brenntag SE are some of the latest victims of ransomware attacks.
The report stated:
Another sobering realization is that no single industry is immune from this ransomware scourge.
These debilitating attacks are happening across all regions and all sectors, and it is imperative that all companies and private-sector organizations implement security protections to mitigate the damages stemming from a ransomware attack.
The report approximates that the ransomware cybercriminals succeeded to gather at least $45 million from these attacks and points out numerous incidents that were never announced.
The Canadian cybersecurity teams’ attention has been focused entirely on Ryuk/Conti, Sodin/REvil, CLOP, and DoppelPaymer ransomware gangs, as well as two emerging but remarkable groups in DarkSide and Avaddon.
Ransomware Attacks On The Rise
According to the report, the Ryuk/Conti gang has damaged 352 companies since 2018 and 63 in 2021, focusing mostly on manufacturing, construction, and transportation enterprises. Among others, their list of victims includes Broward County Public Schools, Ireland’s Health Service Executive, and SEPE, the Spanish government agency for labor systems.
Last year, the gang also attacked the IT systems of small governments across the United States forcing them to pay the demanded ransom which varied from $130,000 to almost $600,000.
Threat actors behind the Sodin/REvil ransomware attacks are aiming at healthcare companies but they also focus on laptop producers. The gang organized the famous attacks on two of the world’s biggest technology manufacturers: Acer and Quanta.
The latter declined the ransomware gang request to pay a $50 million ransom causing the leakage of detailed designs of an Apple product.
Clop ransomware has been associated with cybercriminals who have been using Accellion File Transfer Appliance (FTA) vulnerabilities: CVE-2021-27101, CVE-2021-27102, CVE-2021-27103, and CVE-2021-27104. The exploitation of these flaws led to the compromise of high-profile organizations starting in February. Also, there has been evidence of an affiliate utilizing a webshell dobbed DEWMODE that was being used to steal data from Accellion FTA devices.
Heimdal™ Ransomware Encryption Protection
- Blocks any unauthorized encryption attempts;
- Detects ransomware regardless of signature;
- Universal compatibility with any cybersecurity solution;
- Full audit trail with stunning graphics;
DarkSide Ransomware operates under the form of a Ransomware-as-a-Service (RaaS), in which the gains are shared between its holders and partners, or affiliates, who allow access to companies and execute the ransomware. The DarkSide ransomware gang gets around 25% of a ransom payment, and the rest is taken by the affiliate who organized the assault.
Companies that are failing to pay the requested ransom are threatened with the public release of private data and records stolen during initial access on a leak site.
This gang is responsible for the Colonial Pipeline attack which forced the largest fuel pipeline operator in the U.S to stop all operations on its systems.
Another ransomware gang dubbed Avaddon is responsible for the French insurance company AXA attack. The attack comes days after the company officially announced that it will halt cyber insurance policies in France that refund victims hit by ransomware attacks for payment made to hackers.
According to the cybersecurity company report, the huge number of unreported cyber assaults show that these ransomware groups are “wreaking havoc against many more entities than the public realizes.”