The number of ransomware attacks surged by 288% between the first and second quarters of 2021 as double extortion attempts grew, according to the latest data from NCC Group.
Analyzing incidents dealt with by its own Research Intelligence and Fusion Team (RIFT) throughout 2021, the firm claimed nearly a quarter (22%) of data leaks in the second quarter came from the Conti group.
Conti typically gains initial network access to victim organizations via phishing emails, NCC Group claimed.
Next came Avaddon, which accounted for 17% of incidents, although this variant is now thought to be inactive.
Unsurprisingly, nearly half (49%) of victims with known locations in Q2 were based in the US, followed by 7% in France and 4% in Germany.
Christo Butcher, global lead for threat intelligence at NCC Group, argued that no organization in any sector is safe from ransomware today.
“We’ve seen targets range from IT companies and suppliers to financial institutions and critical national infrastructure providers, with ransomware-as-a-service increasingly being sold by ransomware gangs in a subscription model,” he added.
“It’s therefore crucial for organizations to be proactive about their resilience. This should include proactive remediation of security issues, and operating a least-privilege model, which means that if a user’s account is compromised, the attacker will only be able to access and/or destroy a limited amount of information.”
According to separate data from Group-IB, ransomware attacks grew by 150% year-on-year in 2020, with the average extortion amount doubling.
However, it’s difficult to get an accurate vendor-neutral picture of how threats are developing over time. Coveware, for example, maintains that despite the ramping up of media coverage since the Colonial Pipeline incident, “in reality, the volume and severity of ransomware attacks have been extreme but relatively stable for at least 18 months.”
This week, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) released an alert warning organizations to plan for possible threat activity ahead of weekends and holidays.