The average payments made by victims of ransomware has gone up significantly in 2021, with cybercriminals stepping up their attacks with 35 new ransomware gangs joining the pack.

While the average payment rose 78 per cent to $5,41,010, the average ransom demand on cases worked by Unit 42 consultants last year went up by 144 per cent to $2.2 million.

Unit 42 is a research arm of the US-based cybersecurity solutions company Palo Alto Networks.

Maharashtra most affected

The hackers are increasing their attacks on victims in India too as the country ranked 10th globally in the number of ransomware attacks. As the attacks increased by 218 per cent, the country emerged the second in the Japan and Asia-Pacific region.

“About 42 per cent of total attacks in India are reported in Maharashtra. The top sectors that are being targeted in the country are software and services, capital goods, and the public sector,” the Ransomware Threat Report 2022 said.

The number of victims whose data was posted on leak sites rose 85 per cent in 2021 to 2,566 organisations. About 60 per cent of leak site victims were in the Americas, followed by 31 per cent in Europe, the Middle East and Africa, and 9 per cent in the Asia-Pacific region.

“We’ve seen gangs make threatening phone calls to employees and customers and launch denial of service (DoS) attacks to shut down a victim’s website,” Ryan Olson, Vice-President (Threat Intelligence) of Unit 42, said in the report.

RaaS operators

“In 2021, we also saw ransomware-as-a-service (RaaS) operators grow. RaaS operators offer a wide array of easy-to-use tools and services that make launching ransomware attacks almost as simple as using an online auction site,” he said.

The cybersecurity experts point out that the cybercriminals have perfected their malware and developed marketing strategies to recruit more affiliates. They even built up technical support operations to help victims get back online once they pay their ransoms.

“All these innovations have made it harder for organisations to defend against ransomware, forcing some to make the hefty sorts of payments,” he said.

As these gangs and RaaS operators find new ways to remove technical barriers and up the ante, ransomware will continue to challenge organizations of all sizes in 2022.

The report, which captures the ransomware attack landscape in 2021, felt that the ransomware cliques and RaaS operators would continue to innovate and remove technical barriers, if any, to increase the attacks in 2022.

Top groups

The most active ransomware groups in India were Lockbit2.0, Avaddon and Conti.

The Conti ransomware group was responsible for the most activity, accounting for more than 1 in 5 of the cases monitored by Unit 42.

REvil, also known as Sodinokibi, was No. 2 at 7.1 per cent, followed by Hello Kitty and Phobos (4.8 per cent each). Conti also posted the names of 511 organisations on its Dark Web leak site, the most of any group.

comment COMMENT NOW