The State of Ransomware in 2021: A Quick Report
Ransomware is an omnipresent threat in today’s cybersecurity landscape. In one of our previous blog posts, we covered how ransomware attacks work, who the new targets of ransomware groups are, and what your organization can do to protect itself from ransomware.
To find out more about the current state of ransomware attacks and affiliated ransomware groups, Flare conducted a primary research audit to investigate the trends in ransomware activity.
To give you a brief overview of what’s happening today, ransomware nowadays follows the double extortion model. These malicious actors and groups infiltrate the victim’s network and encrypt their valuable data and, if the ransom is not paid, also threaten to publicize the stolen sensitive information. What was until recently considered big game hunting may be becoming increasingly problematic.
With this hypothesis in mind, we investigated all the disclosed postings from ransomware groups’ websites and grouped them by month, starting January 2020.
Here’s what we found:
The data above showcases a definitive rising pattern in the frequency of ransomware attacks. The rise is exponential. To put it in perspective, ransomware attacks from 2020 to 2021 have increased by 437%.
This phenomenon could be explained by a multitude of reasons. One possibility is that the rise in attacks is due to the accessibility of ransomware and ransomware as a service (RaaS). Indeed, we’ve seen plenty of listings on various darknet markets with ransomware for sale, and even a ransomware group built around offering RaaS. Here’s an example of such a site:
According to our research, ransomware attacks have increased. The natural next question is: what about ransomware groups?
The story of the groups is a bit more complicated, but the direction is the same: on the rise.
Above is a chart illustrating how many different groups posted an attack on their website each month since January 2020. As you can see, the number of groups has generally been rising, with August and September seeing a mild dip and increase.
What’s the total percentage increase?
The number of active ransomware groups increased by 280% from January 2020 to September 2021.
Additionally, we have noticed in the past few weeks that some ransomware groups set up their operation before any attack transpired; situations which we monitor closely. Keeping an eye on websites of this nature early on allows us to start monitoring sources as soon as the content is publicly available. Here are two examples of sites that were previously inactive:
To sum it up, ransomware attacks are more of a threat than they have ever been and show no sign of slowing down. Dark web monitoring is and will remain a quintessential aspect of cybersecurity and brand protection when it comes to responding quickly and proactively to the various threats faced in today’s digital world.
That’s the end of our quick report on the state of ransomware in 2021. Moving forward, we’ll continue to research and create primary content so that businesses can understand the dynamic digital risk landscape.