Group-IB: the number of ransomware attacks in Russia tripled in 2021 
The number of ransomware attacks in Russia in 2021 increased threefold – by 200 percent. This “Lenta.ru” became aware of the report of analysts of the Group-IB company, who presented their report on the situation in the field of information security at the CyberCrimeCon 2021 conference held in Moscow.
The experts also named the main reason for the hackers' success in Russia. This, according to them, was primarily influenced by the strategy of combining hacker groups working with ransomware programs and with cybercriminals who break into company networks and sell access to them. This approach allows hackers to segment the field of activity, make it narrower, and also provide high income for all attackers.
Group-IB notes that administrations of hacker forums on the darknet have a negative attitude towards such coalitions. However, between October 2020 and September 2021, the number of affiliate programs grew by 19 percent. Active participants in such projects are professional pentesters (specialists who check company networks for vulnerability to external penetration – approx. Lenta.ru ) who hack company networks for the subsequent resale of the gained access or participation in partner programs with hackers for a percentage of the ransom.
Ransomware's use of Data Leak Sites (DLS), sites on the dark web used to put additional pressure on victims, reached their peak. The threat of disclosure of stolen data is forcing companies to pay the ransom faster.
“The number of new sites dedicated to publishing stolen data has increased by 32 percent, which indicates that a large number of affiliate programs go unnoticed. We also see that the number of victims on such sites continues to grow. During the study period (from October 2020 to September 2021 – approx. “Lenta.ru” ) it was 935 percent compared to the previous 12 months, “said Dmitry Volkov, CEO of Group-IB.
The company adds that only ten percent of attacked companies are uploaded to DLS. Moreover, every third victim prefers to pay the ransom. The most aggressive groups using DLS to put pressure on business are Conti, Lockbit, Avaddon, and REvil and Pysa, which have already ceased to exist. Most of the companies that received threats of leaking stolen data into the network are based in the United States (almost half of the cases), followed by Canada, France and the United Kingdom (no more than six percent in each country). Russian companies were not seen on DLS.
Earlier it became known the number of Russian and CIS banks' cards leaked to the darknet. According to researchers from Group-IB, we are talking about 13,799 cards that appeared in the shadow segment of the Internet in the period from October 2020 to September 2021. Over the previous 12 months, there were almost 35 thousand of them (a decrease of 60 percent).