Group-IB: the number of ransomware attacks in Russia increased by 200 percent
The number of ransomware attacks in Russia in 2021 increased by more than 200 percent. This was reported to Lenta.ru by Group-IB specialists, who also warned the Russians about the most dangerous hacker ransomware.
They turned out to be the ransomware Dharma, Crylock and Thanos, with the help of each of which more 100 attacks on Russian businesses. It is noted that the maximum requested ransom amount was 250 million rubles. In general, this indicator depends both on the size of the business and on the appetites of the attackers themselves. The average ransom paid is three million rubles, and the maximum is 40 million rubles.
Group-IB notes that, as elsewhere in the world, one of the main reasons for the popularity of ransomware in Russia is the use of the model Ransomware-as-a-Service, which allows criminals to rent existing software instead of developing their own malware. This is how Dharma, Crylock and Thanos work.
Other groups, such as the Russian-language RTM, which previously specialized in theft from remote banking systems (RBS), themselves add ransomware to their arsenal. This allows them, if the attempt to steal money fails, to deploy the ransomware to the entire compromised network.