Every week an organization is hit by a ransomware attack, but a new report by the eSentire security research team and dark web researcher Mike Mayes points out that the incidents we see in the news are just a small fraction of the actual number of victims of such attacks. The eSentire Ransomware Report states that in 2021 alone, six ransomware gangs broke into 292 organizations between January 1 and April 31.
The report estimates that the hackers managed to collect at least $45 million from these attacks, and it also describes many incidents that have not been made public.
The eSentire team and Mayes focused on the Ryuk / Conti, Sodin / REvil, CLOP, DoppelPaymer, DarkSide and Avaddon ransomware gangs.
Each gang focuses on specific industries and regions of the world, according to the report. The Ryuk / Conti gang has attacked 352 organizations since 2018 and 63 this year, focusing mainly on construction and transport companies.
Dozens of their victims have not been reported, but among the most notable organizations attacked are the Broward County School District and the French company CEE Schisler; neither paid the exorbitant ransom demanded, according to the report.
In addition to the construction industry, the gang carried out attacks on small government IT systems throughout the US in 2020, such as Jackson County, Georgia, Riviera Beach, Florida and LaPorte County in Indiana. All three governments paid the ransom, which ranged from $130,000 to almost $600,000. The gang also spent much of 2020 attacking local hospitals.
Like the Ryuk / Conti gang, the hackers behind the Sodin / REvil ransomware also focus on healthcare organizations, while they also attempt to attack laptop manufacturers. Of 161 victims, 52 were hit in 2021, and among the victims were Acer and Quanta, two of the largest technology manufacturers in the world.
From Quanta, which produces Apple laptops, the hackers demanded a ransom of $50 million. The company refused and the Sodin / REvil gang leaked detailed plans for an Apple product in response. The gang then threatened to leak more documents. Apple has not spoken about the intrusion since.
The DoppelPaymer / BitPaymer gang is known for targeting government institutions and schools. The FBI issued a statement specifically about this ransomware in December, noting that it is being used to attack critical infrastructure, such as hospitals and emergency services.
The report adds that most of the 59 victims the gang has listed this year have not been reported, except for the Illinois Attorney General's Office, which was attacked on April 29.
The Clop ransomware gang has focused its efforts on exploiting vulnerabilities in the Accellion file transfer system. The eSentire team and Mayes explain that the gang took advantage of the vulnerability and hit the University of California, the American bank "Flagstar", the global law firm "Jones Day", the Canadian jet manufacturer "Bombardier", the University of Stanford, the Dutch oil giant "Royal Shell", the University of Colorado, the University of Miami, the fuel company "RaceTrac" and many more.
The DarkSide gang has drawn a great deal of attention lately with its attack on Colonial Pipeline, which triggered a political storm in the US and problems at gas stations in some cities along the East Coast. It is one of the newest ransomware gangs, having emerged in late 2020, according to the report. It lists 59 victims since November and 37 this year alone.
The report notes that the DarkSide gang is one of the few that operate as a ransomware-as-a-service business, assigning the attacks on targets to affiliates and then splitting the ransom. Last week, the gang announced it was shutting down due to increased law enforcement scrutiny.
The ransomware has been involved in many attacks against power producers, such as one of Brazil's largest electricity companies, the Paranaense Energy Company, which was hit in February.
Another gang that was studied is Avaddon, which was in the spotlight this week for its attack on the major European insurance company "AXA". The attack was notable because AXA provides dozens of companies with cyber insurance.
In addition to AXA, the gang has also attacked 46 organizations this year and operates as a ransomware-as-a-service enterprise, like DarkSide. The report explains that the gang is noteworthy for including a countdown clock on its dark web site and for the additional threat of a DDoS attack if the victims refuse to pay the ransom.
The list of gang victims includes health care organizations, such as the Capital Medical Center in Olympia, Washington and the Bridgeway Senior Healthcare in New Jersey.
The eSentire team and Mayes added that the large number of unreported attacks indicates that these gangs "destroy many more entities than the public perceives".
Another disappointing finding is that no industry is free from the scourge of ransomware. Finally, the report emphasizes that these debilitating attacks are taking place in all regions and in all sectors, and that it is imperative for all companies and private organizations to implement security safeguards to mitigate the damage caused by a ransomware attack.
Source of information: zdnet.com