During the pandemic-ridden year 2020, global cyberspace became more vulnerable to hackers as a new report estimates that the number of ransomware attacks grew by more than 150% last year.
Group-IB, a global threat hunting and adversary-centric cyber intelligence company has recently presented the study titled 'Ransomware Uncovered 2020-2021' based on the analysis of more than 500 attacks observed.
According to their data, by the end of 2020, the ransomware market had turned into the biggest cybercrime money artery fuelled by pandemic turbulence.
In 2020, ransomware attacks on average caused 18 days of downtime for the affected companies, while the average ransom amount increased almost twofold compared to the previous year.
Ransomware operations turned into robust competitive business structures going after large enterprises, with Maze, Conti, and Egregor gangs having been at the forefront last year. North America, Europe, Latin America, and the Asia-Pacific became the most commonly attacked regions respectively.
The top 5 most active ransomware families, according to Group-IB, were Maze, Conti, Egregor, DoppelPaymer, and REvil.
The attacks not only grew in numbers but also in scale and sophistication – the average ransom demand increased by more than twofold and amounted to $170,000 in 2020.
Group-IB DFIR team found out that ransom demands from Maze, DoppelPaymer, and RagnarLocker averaged between $1 million and $2 million in 2020.
In 52% of all attacks publicly accessible RDP servers were used to gain initial access, followed by phishing (29%), and exploitation of public-facing applications (17%).
Group-IB Threat Intelligence & Attribution system recorded the emergence of 15 new public ransomware affiliate programs last year.
Ransomware-as-a-Service or 'RaaS' involves the developers selling or leasing malware to the program affiliates for further network compromise and ransomware deployment. The profits are shared between the operators and program affiliates. Group-IB DFIR team observed that 64% of all ransomware attacks it analyzed in 2020 came from operators using the RaaS model.
"The pandemic has catapulted ransomware into the threat landscape of every organization and has made it the face of cybercrime in 2020," says Oleg Skulkin, senior digital forensics analyst at Group-IB.