The average ransom demand in 2021 was $247,000, 45% more than the previous year, with most threat actors seeking to force payment through double extortion techniques, according to Group-IB.
The security vendor's Ransomware Uncovered 2021/2022 report was compiled from an analysis of about 700 investigations undertaken by its incident response team.
It claimed the continued rise of ransomware is down to the proliferation of initial access brokers and ransomware-as-a-service offerings on the dark web.

The report argued that more sophisticated threats made it harder for victims to recover: the average downtime from an attack rose from 18 to 22 days year-on-year.
However, on the plus side, attacker dwell time fell from 13 days to 9 over the same period. That limits the time in which threat actors have to move laterally within networks, steal data and deploy their ransomware payload.
Data theft and threatened leakage were used in 63% of attacks last year as a means of forcing payment, Group-IB said.
Lockbit, Conti and Pysa were the most aggressive in publishing data to leak sites. However, it was two newcomers, Hive and Grief, that caught the eye, making it onto the top 10 list of ransomware gangs by number of victims posted to leak sites.
The former demanded an outrageous $240m ransom from MediaMarkt, the largest of the year and of all time.
Grief was actually a rebrand from DoppelPaymer, an increasingly common tactic for threat actors keen to avoid sanctions and scrutiny from investigators.
“Given multiple rebrands forced by law enforcement actions as well as the merging of TTPs due to the constant migration of affiliates from one ransomware-as-a-service (RaaS) program to another, it is becoming increasingly challenging for security professionals to keep track of the ever-evolving techniques and tools of ransomware threat actors,” warned the head of Group-IB’s digital forensics and incident response team, Oleg Skulkin.
Remote desktop protocol (RDP) remains the top vector for attacks (47%), followed by phishing (26%). More attacks were facilitated by exploits of public-facing applications last year (21%) than in 2020 (17%).
Some sections of this report are sourced from:
www.infosecurity-journal.com