"Double Extortion Ransomware Victims Soar 935%"

Security researchers at Group-IB have recorded a 935% year-on-year increase in double extortion attacks, with data from over 2300 companies posted onto ransomware extortion sites. The Group-IB findings are from the second half of 2020 to the first half of 2021.  The researchers claimed that during that time, an “unholy alliance” of initial access brokers and ransomware-as-a-service (RaaS) affiliate programs has led to a surge in breaches.  In total, the number of breach victims on ransomware data leak sites surged from 229 in the previous reporting period to 2371, Group-IB noted. During the same period, the number of leak sites more than doubled to 28, and the number of RaaS affiliates increased 19%, with 21 new groups discovered.  The researchers warned that, even if victim organizations pay the ransom, their data often end up on these sites.  The researchers stated that Conti was the most aggressive ransomware group, leaking data on 361 victims (16.5%), followed by Lockbit (251), Avaddon (164), REvil (155) and Pysa (118).  The initial access broker landscape has also matured significantly over the past year. Group-IB claimed to have discovered 229 new players in the market, with the total now standing at 262. The number of offers on underground sites to sell access to companies almost tripled, from 362 to 1,099.

Infosecurity reports: "Double Extortion Ransomware Victims Soar 935%"