The Number Of Double-Extortion Ransomware Victims Sees Massive 935% Increase In 2021

A jaw-dropping three-digit spike in the number of companies hit with double-extortion ransomware attacks, most likely due to easy access to corporate networks and RaaS tools, is a matter of concern, researchers warn.

The Double-Extortion Method Used In Ransomware Hits Fuels Massive Increase In Damages

Getting access to compromised networks is cheap, and every cybercrook wannabe can infiltrate them with the help of initial-access brokers or RaaS tools.

The grim conclusions are according to findings from Group-IB’s Hi-Tech Crime Trends Report 2021/2022, which details the concerning figures behind what the analysis calls an “unholy alliance” between ransomware actors and corporate-access brokers. Experts found that the lethal combo has fueled a staggering 935% spike in the number of companies that had fallen victim to double-extortion ransomware attacks and had their stolen data published on data leak sites.

Ransomware gangs have been increasingly adopting the double-extortion strategy. The method involves the attacker stealing an organization’s data and threatening to expose it unless the ransom is paid. The report found that the trend is gaining traction among cybercriminals.

Getting Initial Access Is Piece Of Cake

The double-extortion method has caused damages to jump to 935% this year.

Credit: Group-IB

“Poor corporate cyber-risk management combined with the fact that tools for conducting attacks against corporate networks are widely available both contributed to a record-breaking rise in the number of initial access brokers,” the analysis wrote.

The report also spotted 21 new RaaS affiliate programs and 28 data leak sites over the past year.

The Data Leak Threat

“In practice, however, victims can still find their data on the DLS even if the ransom is paid,” the report noted.

To add to an already grim landscape, the actual number of victims is likely larger than detected: “Taking into account that cybercriminals release data relating to only about 10 percent of their victims, the actual number of ransomware attack victims is likely to be dozens more,” the report said. “The share of companies that pay the ransom is estimated at 30 percent.”

The Conti ransomware group is responsible for leaking data on approximately 361 victims and for around 16.5% of the total stolen data published on data leak sires in 2021.

Group-IB found that the majority of double-extortion victims were in the U.S. (968), followed by Canada (110) and France (103). The most heavily targeted industries were manufacturing, education, financial services, healthcare, and e-commerce.

Credit: Group-IB

Phishing Attack Affiliate Boom

“Phishing and scam affiliate programs actively use Telegram bots that provide participants with ready-to-use scam and phishing pages,” the report explained. “This helps scale phishing campaigns and tailor them to banks, popular email services, and other organizations.”

Protect Your Business With ATTACK Simulator

You can successfully defend your business partly by training your employees on cybersecurity matters and especially phishing attacks, and partly by adopting more rigorous security measures, such as implementing multi-factor authentication and user behavior analytics.

Most ransomware attacks have one thing in common: their infectious vector — phishing emails.

ATTACK Simulator’s Security Awareness Training program will help you equip your employees with the necessary security knowledge and up-to-date security practices to keep your company safe from scammers and avoid potentially irreparable damage.

Put your employees to the test with our free security awareness training trial and find out where you stand against a phishing attack!


Threatpost ‘Double-Extortion’ Ransomware Damage Skyrockets 935%

GROUP-IB Ransomware, carding, and initial access brokers: Group-IB presents report on trending crimes


Photo by Mackenzie Marco on Unsplash



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
ATTACK Simulator

We’re a fresh startup that aims at creating a culture of security in every company by teaching security awareness through automated phishing simulations.