Analysis: 740 organizations faced ransomware attacks and had their data posted to leak sites in Q2 2021, up 47% QoQ; attacks on retail sector grew 183% QoQ (Jonathan Greig/ZDNet)

More than 700 organizations were attacked with ransomware and had their data posted to data leak sites in Q2 of 2021, according to a new research report from cybersecurity firm Digital Shadows.
Out of the nearly 2,600 victims listed on ransomware data leak sites, 740 were named in Q2 2021, representing a 47% increase compared with Q1.
The report chronicles the quarter's major events, which included the DarkSide attack on Colonial Pipeline, the attack on global meat processor JBS, and increased law enforcement activity from US and European agencies.
But Digital Shadows' Photon Research Team found that beneath the surface, other ransomware trends were emerging. Since the Maze ransomware group helped popularize the data leak site concept, double extortion tactics have become en vogue among groups looking to inflict maximum damage after attacks.
Digital Shadows tracks the data posted to 31 dark web leak sites, giving it a view of how many groups are now stealing data during ransomware attacks and posting it online.
Data from organizations in the industrial goods and services sector was prevalent on dark web leak sites, according to the report. Construction and materials, retail, technology, and healthcare organizations also dominated the list of attacked organizations.
The retail sector saw the biggest increase in ransomware attacks, with Digital Shadows researchers finding a 183% increase between Q1 and Q2.
In terms of activity, the Conti group led the way, followed by Avaddon, PYSA, and REvil.
“That’s the second consecutive quarter that we have now seen Conti as probably the most active in terms of victims named to their DLS. Conti, believed to be related to the Ryuk ransomware, has continually and ruthlessly targeted organizations in critical sectors, including emergency services,” the report said, noting the group’s devastating attack on Ireland’s healthcare system.
But the report notes that in the broader ransomware market, quite a few groups disappeared or emerged out of nowhere. In Q2, the Avaddon, Babuk Locker, DarkSide, and Astro Locker ransomware groups all closed operations, while groups like Vice Society, Hive, Prometheus, LV Ransomware, Xing, and Grief emerged with their own dark web leak sites, according to Digital Shadows.
The report also notes that 60% of the victim organizations are based in the US, with only Canada seeing a reduction in ransomware attacks from Q1 to Q2.
More than 350 US organizations were hit by ransomware in Q2, compared with 46 from France, 39 from the UK, and 35 from Italy.
The researchers behind the report questioned whether Q3 would see more attacks resembling the Kaseya ransomware attack, in which REvil operators used a zero-day vulnerability to compromise more than 40 managed service providers.
“Ransomware operations will likely continue to operate openly into the third quarter of 2021, giving limited thought to who they’re targeting and more to how much money they may make,” the researchers wrote.