Double extortion ransomware surges

By Staff Writer, ITWeb
Johannesburg, 20 Apr 2022

There has been a nearly 500% increase in double extortion ransomware attacks from 2020 to 2021.

This was one of the findings of CipherTrace’s most recent Current Trends in Ransomware Report, which notes that these attacks increased an average of 1.85 times quarter over quarter from 2020 to Q3 2021.

Last year saw a slew of high-profile attacks on companies, with unprecedented ransom demands in the range of six, seven, and even eight figures.

This has led to many firms hardening their security practices to better combat ransomware attacks, including implementing a recovery strategy that involves regularly backing up important data, so ransomware demands do not need to be paid to restore critical functions.

According to CipherTrace, in a traditional ransomware attack, a victim’s data is encrypted until payment is received. However, in a double extortion attack, ransomware actors not only encrypt the victim’s data but then threaten to publicly release stolen files if the ransom isn’t paid.

The growth of attacks of this nature is probably a result of increased defences against ransomware attacks by the public and private sector. It is this lack of payout that has driven ransomware actors to evolve their methodologies to ensure organisations cough up, even if they have backups, says CipherTrace.

Some notorious cyber crime groups like REvil take it a step further and allow anyone to pay the ransom during the payment period to receive the data, not just the victim.

Evolving payment

Other findings reveal that while bitcoin is still the most requested payment method for ransom demands, 2021 saw an increasing demand for ransom payment in monero (XMR), with added premiums for payments in bitcoin ranging from 10 to 20%.

According to CipherTrace data, at least 22 ransomware strains accept only XMR, while others accept both BTC and XMR.

Last year, the most active ransomware groups were REvil (now offline, possibly temporarily), DarkSide (now offline, likely permanently), ContiNews, LockBit 2.0, Pysa, and Dopple Leaks.

In the first half of last year, the number of reported ransomware payments made was 30% higher than in all of 2020, and the total of all payments made in the first six months of 2021 was 42% higher than in all of 2020 ($590 million compared to $416 million).
