Pay-or-get-breached ransomware schemes take off

The “pay or get breached” ransomware trend — also known as the “double extortion” scheme — took off in 2020, despite the prolific Maze Team’s Nov. 1 announcement that it would be discontinuing operations.

Using data collected by automated feeds, cyber-risk firm Digital Shadows documented 550 double-extortion postings on data leak sites maintained by more than a score of ransomware groups. By far, the industrial goods and services sector bore the brunt of ransomware attacks, with 29% of all 2020 attacks targeting the industry, while businesses in North America accounted for two-thirds of all attacks, Digital Shadows discovered.

Quarter over quarter, the cybersecurity firm saw a significant increase in ransomware attacks using the twin strategies of demanding a ransom and then leaking the data if the victim did not pay, says Jamie Hart, a cyberthreat intelligence analyst with the company.

“We are going to continue to see ransomware increase because the pay-or-get-breached method gives an opportunity for the new and less-known ransomware groups to make a name for themselves in 2021,” she says. “There is no sector that is off limit to these groups.”

By all measures, ransomware is now the default approach for monetizing compromised companies, with cybersecurity services firm CrowdStrike finding more than half of all of its client engagements were to clean up ransomware attacks. The number of companies hit by ransomware each year has remained steady, with 51% acknowledging a ransomware attack in the past year, and three-quarters of those attacks succeeding in encrypting some data, according to a survey by security-software firm Sophos.

While Maze accounted for a third of documented ransomware attacks in the third quarter of 2020, according to Digital Shadows’ Q3 threat report, Egregor accounted for a third of incidents in the last quarter, according to ZeroFox’s report. Egregor targeted Barnes & Noble Booksellers, game maker Ubisoft, and Epicor Software.

“Throughout 2020, we saw the ‘pay or get breached’ trend take off like a rocket and it didn’t seem to slow down,” Digital Shadows stated in it analysis, published today. “To add to the already stressful situation of having their files exfiltrated and encrypted, victim organizations were pressured into paying ransom payments quickly by the threat of public exposure on a data leak site.

To read the complete article, visit Dark Reading.