Leak Sites – Leak sites are attackers’ preferred modes of sending out news and messages. In 2021, a few main modes of communication were used, namely the Tor Network (a secure, encrypted protocol that can ensure privacy for data and communications on the web), Telegram groups (an accessible but encrypted application where attackers can share information), and hacking forums (where attackers recruit new members and publicize information).
Preferred Industries – The technology industry was targeted the most by ransomware groups. This sector was mentioned the most on the dark web, followed by the finance industry, and then healthcare, which reported alarming statistics on ransomware. The education and government sectors followed.
Countries Targeted – Based on data, companies in the US were the most targeted by ransomware groups. The US was four times more likely to be attacked than Canada, which came second, followed by the U.K.
Most Active Groups – Lockbit 2.0 was the most active ransomware group in 2021, followed by Conti, BlackMatter, and Hive. Three of these groups are relative newcomers and accounted for most attacks. For example, Hive was a new ransomware operation in June, but by August, the FBI had issued a flash alert after the group targeted Memorial Health Systems in Ohio and others. Every week, new ransomware groups emerged, joining established groups such as RobinHood and Snatch.
Ransomware as a Service (RaaS) – Attackers painstakingly writing their own code is a thing of the past. Today, RaaS, a pay-to-use malware, has made attacks easy to execute. It enables attackers to use an available platform, thereby providing them with ransomware code and operational infrastructure. Not only has this made online extortion a booming business, but it will contribute to the growth of the RaaS model in 2022.
The SolarWinds supply-chain attack, Colonial Pipeline, and Log4j are examples of audacious ransomware attacks over the disturbing past 365 days. Organizations affected by ransomware have dealt with the aftermath, including profit losses, tarnished reputations, stolen data, and lawsuits.
At SureShield, our vulnerability management and remediation module, SecurityShield, quickly identifies threats in real time. After configurable and repeatable scans of servers or endpoints are complete, the product guides you through the remediation of software issues. SecurityShield offers full control over your IT vulnerabilities 24/7/365. It can be easily customized to fit an organization’s needs, allowing IT to track, manage and maintain a strong cyber posture. Contact SureShield for a free trial.