Data presented by the Atlas VPN team shows that 45% of organisations hit by ransomware in 2020 are based in the US. Enterprises all over the world are being kept hostage by ransomware, and many are being forced to pay criminals because the expense of downtime and loss of reputation if the consumer data goes public outweighs the ransom.
Researchers from Palo Alto Networks analysed data that was gathered by two of their branches — global threat intelligence team (Unit 42) and incident response team (The Crypsis Group).
The data was collected from publicly available websites as well as those on the dark web. The dataset included 337 victims from 56 different industries in five regions and 39 countries.
Surprisingly, out of 337 ransomware victims last year, 151 (45%), were operating in the US.
US organisations are extremely profitable for hackers. They reach a wider market than most other countries, which often means that they have more resources. Moreover, having more employees, contractors and using more services creates a broader attack surface for hackers to exploit.
On a similar note, 39 (12%) of businesses in Canada got trapped by ransomware and were forced to pay up. Third on the list is Germany, where 26 (8%) organisations suffered from a ransomware attack.
Fourth is the United Kingdom, and fifth is France, where 17 (5%) and 16 (5%) businesses respectively have been a victim of a ransomware attack.
Ransomware is a lucrative market. The average ransom paid by organisations in the United States, Canada, and Europe rose by 171% from $115,123 in 2019 to $312,493 in 2020.
Double extortion on the rise
Several ransomware families have demonstrated their ability to exfiltrate data and use double extortion tactics, including NetWalker, RagnarLocker, DoppelPaymer, and several others.
Instead of only encrypting data on the victim’s computer, hackers also export files to their own computers in order to further compel the victim to pay the ransom. In case the ransom is not paid, criminals threaten to publish the data on leak sites and forums that are operating on the dark web.
By far the most effective ransomware family is NetWalker, which was used in 33% of attacks last year.
Interestingly, the FBI has already taken the matter into their own hands and took down the site on the dark web that was providing NetWalker ransomware for sale as a service.
During the FBI’s investigation, a Canadian national – Sébastien Vchon-Desjardins of Gatineau was charged in the Middle District of Florida. He is alleged to have obtained over $27.6million as a result of the offences charged in the indictment.
Moving forward, RagnarLocker was used in 26 attacks and DoppelPaymer in 25, both of them being double extortion ransomware families.
NeFilm (24), DarkSide (24), Revil (23), Avaddon (23), and Clop (22) are five other malicious software types that criminals chose quite often in 2020.