Ransomware surged 93% in last 6 months fueled by triple extortion

In the past six months, cyber-attacks have increased by 29% with threat actors continuously exploiting the pandemic. Ransomware was fueled by innovation in an attack technique called triple extortion and surged by 93%.

“In the first half of 2021, cybercriminals have continued to adapt their working practices to exploit the shift to hybrid working, targeting organizations’ supply chains and network links to partners to achieve maximum disruption,” Maya Horrowitz, Director, Threat Intelligence & Research Products at Check Point Software, said.

Check Point has just released its 2021 mid-year security report, which provides a detailed overview of the cyber threat landscape.

The report suggests that in EMEA countries (Europe, the Middle East, and Africa), organizations experienced a 36% increase in cyber attacks since the beginning of this year, with 777 weekly attacks per organization.

In the US, there was an increase of 17%, with 442 weekly attacks per organization. There was a 13% increase in cyber-attacks on organizations in Asia-Pacific since the beginning of the year, with 1338 weekly attacks per organization.

“This year, cyber-attacks have continued to break records, and we have even seen a huge increase in the number of ransomware attacks, with high-profile incidents such as Solarwinds, Colonial Pipeline, JBS, or Kaseya. Looking ahead, organizations should be aware of the risks and ensure that they have the appropriate solutions in place to prevent - without disrupting the normal business flow - the majority of attacks, including the most advanced ones,” Horrowitz said.

The rise of triple extortion

Every week, more than 1,200 organizations worldwide fall victim to a ransomware attack. Ransomware’s 93% surge was mainly fueled by triple extortion: in addition to stealing sensitive data from organizations and threatening to release it publicly unless a payment is made, attackers are now targeting organizations’ customers and business partners with ransom demands.

“This year, we have seen a huge global increase in the number of ransomware attacks, with high-profile incidents such as the attacks on Colonial Pipeline and JBS making world headlines. And while the double extortion ransomware strategy proved popular in 2020, this year’s surge in attacks has brought to light a worrying new threat — that of triple extortion,” the Check Point report reads.

In the first half of 2021, supply chain attacks stand out: SolarWinds for its scale and influence, and Codecov and Kaseya for their sophistication.

In January, law enforcement disrupted Emotet, one of the most significant and dangerous botnets of the past decade. Since then, the race to succeed Emotet has intensified: other malware families, such as Trickbot, Dridex, Qbot, and IcedID, are quickly gaining popularity.

“Trickbot, Dridex, Qbot, and IcedID all show signs of continuing to increase in prominence over the next few months. Together, they make up for the loss of Emotet and keep the ransomware distribution rates steady. These malwares resemble Emotet in their infection tactics as well, not only in the adoption of ‘thread hijacking’ by Qbot. They also use phishing campaigns to distribute documents, mostly Microsoft Office files, which contain malicious macros,” the report reads.

What to expect next

Check Point researchers are confident that the ransomware war will intensify in the second half of the year. Ransomware attacks will continue to proliferate despite increased investment from governments and law enforcement, especially as the Biden Administration makes this a priority.

Over the past two years, researchers noticed an acceleration in the use of penetration tools, such as Cobalt Strike and BloodHound.

“These tools don’t just pose a real challenge from a detection point of view, they also grant live hackers access to the compromised networks, allowing them to scan and scroll at will and customize attacks on the fly,” they claim.

This year, Cobalt Strike took center stage as it was found to be used in some of the world’s largest attacks, such as those by the Trickbot gang, the SolarWinds supply chain attack, and numerous ransomware double extortion cases involving DoppelPaymer and Egregor, among others.

Because of triple extortion, the victims of a ransomware attack now include not only the original target organization but also its customers, partners, and vendors. This multiplies the actual victims of each attack.
