Criminals put pressure on their victims by posting certain data on the Dark Web to force payment.
With an average of $2.2 million demanded, the amount of demands from cybercriminal groups reached a new record last year, according to the latest report from Unit 42, the cybersecurity research unit of the American firm Palo Alto Networks. This represents a growth of 144% over one year. While the organizations attacked rarely pay the asking price, the average amount paid has never been so high: $541,000 on average, an increase of 78%.
To put pressure on their victims, ransomware attackers are increasingly using the strategy of double extortion: it consists of exfiltrating the most sensitive information possible from the organization, before encrypting it, then publishing a sample on the Dark Web, threatening to publish many more if the victim does not pay the ransom.
READ ALSO: Cyberattacks: double extortion, a growing threat to businesses
France, target of choice in Europe
Last year, this type of “name-and-shame” increased by 85%, according to observations by researchers from Unit 42. Of the 2,566 victim organizations in 2021 analyzed by the report, 60% of victims of sites of leakage were on the American continent, 31% in Europe, the Middle East and Africa, then 9% for the Asia-Pacific region.
These figures do not mean that all ransomed organizations pay or find themselves helpless in the face of an attack. “This is not the case at all, rather we are seeing a drop in the number of organizations paying because they respond better to attacks, specifies Wendi Whitmore, director of Unit 42. This paradox of the figures would rather come from a rational economic calculation on the part of certain victims. »They may have effective data backups, but if it takes them a week to restore all the data, for example when it is stored in multiple locations, they may have an economic interest in paying the ransom to get it back longer. quickly“, she explains.
The very active Conti group
In Europe, France is the second most targeted country for ransomware attacks and related data leaks, just after the United Kingdom and ahead of Germany, Italy and Spain. Among the sectors most affected in France, professional services and legal firms (49%), industry (32%) and the manufacturing sector (21%), construction (19%) and distribution (9 %).
In 2021, The Conti Group remains the most active in terms of ransomware attacks, implicated in one in five attacks on which consultants from the Unit 42 team had to intervene. It is also one of the most active in France, followed by Everest and Lockbit 2.0.
The cybercriminal ecosystem, which has grown with 35 new gangs identified in 2021, is reinvesting some of its immense gains in the creation of easier to use tools. Highly professionalized, these criminals manage to exploit ever more unknown vulnerabilities (“zero-day” type) in the software and applications of their victims.