Ransomware damage since late 2019 has topped $1 billion

From November 2019 to November 2020, hackers conducted over 500 public attacks using ransomware across more than 45 countries. The total damage from their activity exceeded $1 billion, according to Group-IB specialists.

The most popular targets of the extortionists were US-based companies: they accounted for about 60% of all known attacks. The share of attacks in European countries was about 20%. Around 10% were attributed to countries in North and South America (excluding the United States) and Asia – 7%.

In the top five most attacked sectors are manufacturing – 94 victims, retail – 51 victims, government institutions – 39 victims, healthcare – 38 victims, construction – 30 victims.

The most dangerous ransomware are Maze and REvil — since the end of 2019 they account for more than 50% of successful attacks. They are followed by Ryuk, NetWalker, DoppelPaymer.

According to Group-IB experts, the popularity of ransomware has been boosted by private and public partner programs with criminals who specialise in compromising corporate networks.

“Ransomware operators buy access and attack the victim. After the victim pays the ransom, a share of that amount goes to the partner,” the specialists said.

Since late 2019, extortionists copy all the victim company’s data to their servers for further blackmail. If the victim does not pay the ransom, they will not only lose the data but will also see it publicly available. In June 2020, REvil began conducting auctions where stolen data served as the lots.

“The real damage from attacks is multiple times higher, since affected companies often downplay the incident, paying the extortionists, or the attack is not accompanied by the publication of data from the victim’s network,” added Group-IB.

In the first half of 2020, the ransomware disappeared from the top threats – they accounted for only 1% of all hacker attacks. However in the third quarter they accounted for about 51% of all attacks using malware.

Subscribe to ForkLog News on Telegram: ForkLog Feed — the full news feed, ForkLog — the most important news and polls.