Increased privacy risk as ransom attacks rise


The global total of ransomware attacks in the first four months of 2022 already stands at half the total of last year ‒ and each attack is exposing the details of thousands of people to threat actors, says fresh research.

“Each organization that falls victim to a ransomware attack could expose up to 20,000 people to having their credentials harvested and sold on the dark web,” said cybersecurity analyst ANOZR WAY, adding that in France alone more than 168,000 citizens had their details stolen and circulated between January and April. Even the lowest tally of victims for a single attack stood in the thousands, it added.

Pilfered data included medical certificates, healthcare identification cards, salary details, invoices, proof of residency documents, email and residential addresses, and banking details.

In France, 300,000 documents had been circulated on the dark web in the first four months of 2022, more than two-thirds of these courtesy of Lockbit 2.0 – dubbed by the report as the most prolific and therefore notorious ransomware group.

A single attack could see anywhere between a thousand and more than forty times that number of documents compromised in this way, the report added.

Globally, the most commonly targeted industry for ransom attacks was manufacturing, with science and technology firms also deemed highly lucrative by cybercriminals. Energy firms were particularly vulnerable: in just a third of the time, cyberattacks on such concerns this year had risen 138% on the total for the whole of 2021. This is thought to be primarily driven by the escalating conflict with Russia and the resulting energy crisis.

While the US and Canada led the way in suffering the most ransomware attacks during the study period (41% of the global total), Europe was a close second (38%), with France, Germany and Italy topping targeted countries in that region. More than 7,000 organizations in France were attacked by ransom gangs, losing 660 million euros between them.

Alban Ondrejek, ANOZR WAY co-founder and chief technology officer, warned that between 35 and 40 ransomware gangs are active, with Lockbit 2.0 – responsible for nearly four in ten of the total attacks observed – simply being the most prominent, followed by Conti (23%) and Black Cat (12%).

And while some of the gangs could be said to have a political dimension, temporarily offering their services to a state actor, most of them remained primarily “capitalistic” in their outlook, with profit their key motivator.

“During the first months of the year, the war between Ukraine and Russia evidently had an impact on the cyber-sphere,” he said. “Despite some aborted attempts to ally with Russia, these cybercriminals have continued their motto of ‘business as usual.’”

Ondrejek was apparently referring to the example of Conti, cited in the report, which declared its support of Russia early on in the invasion, but was obliged to backtrack for fear of losing its profitability after provoking a backlash from other hackers and possibly even former affiliates.