Active Police Action Forced Extortionists To Act More Carefully

Megiddo (staff member)
The average ransom payment in the fourth quarter of 2021 increased by 130% compared to the previous quarter.

Numerous law enforcement operations in 2021 that led to arrests and the neutralization of ransomware groups forced attackers to narrow their targeting and increase the effectiveness of their campaigns.

Most of the well-known groups operating under the Ransomware-as-a-Service (RaaS) model continue their activities even after law enforcement agencies have arrested key members. In the fourth quarter of 2021, ransomware groups began demanding higher ransoms, according to security experts at Coveware.

The average ransom payment in the fourth quarter of 2021 reached $322,168, up 130% from the previous quarter. Because disrupting large firms provokes investigations and creates international political tension, attackers have become more cautious: they target firms large enough to pay substantial ransoms, but not so large that the attack causes more geopolitical problems than it is worth.

“While medium and large organizations continue to be attacked, ransomware remains a problem for small businesses — 82% of attacks affect organizations with fewer than a thousand employees,” explains Coveware.

In Q4 2021, the most frequently reported ransomware variant was Conti, which accounted for 19.4% of all ransomware detections, with LockBit 2.0 in second place (16.3%) and Hive in third place (9.2%).

Establishing persistence via scheduled tasks and code execution was observed in 82% of infections. In 82% of cases, ransomware operators moved laterally through the victim's network to reach additional devices. Credential access was recorded in 71% of observed ransomware attacks, and in 63% of incidents command-and-control infrastructure was used to manage remote access.
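The scheduled-task persistence described above is something defenders can check for at the host level. The following is an added example, not code from Coveware or the original post: it parses constructed Sysmon-style process-creation records (the log format, paths and task names are assumptions, not real telemetry) and flags schtasks.exe /create invocations whose action lives in a user-writable directory, runs as SYSTEM, or is launched from a script host.

```python
import re

# Constructed Sysmon-style process-creation records (Event ID 1) used as
# sample input; not real telemetry from the report or the forum post.
SAMPLE_LOG = """\
EventID=1 ParentImage=C:\\Windows\\explorer.exe Image=C:\\Windows\\System32\\schtasks.exe CommandLine="schtasks /create /tn Backup /tr C:\\Program Files\\Acme\\backup.exe /sc daily"
EventID=1 ParentImage=C:\\Windows\\System32\\cmd.exe Image=C:\\Windows\\System32\\schtasks.exe CommandLine="schtasks /create /tn \\Microsoft\\Windows\\Update /tr C:\\Users\\bob\\AppData\\Roaming\\svc.exe /sc minute /mo 5 /ru SYSTEM"
EventID=1 ParentImage=C:\\Windows\\System32\\services.exe Image=C:\\Windows\\System32\\svchost.exe CommandLine="svchost.exe -k netsvcs"
EventID=1 ParentImage=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe Image=C:\\Windows\\System32\\schtasks.exe CommandLine="schtasks /create /tn Updater /tr C:\\ProgramData\\x.bat /sc onlogon"
"""

# Directories an unprivileged user can normally write to; a task whose action
# lives there is a common persistence pattern worth reviewing.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\")
SCRIPT_HOSTS = ("cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe")

FIELD = re.compile(r'(\w+)=("([^"]*)"|\S+)')
SWITCH = re.compile(r'/(tn|tr|ru)\s+(.+?)(?=\s+/\w+|$)', re.IGNORECASE)


def parse_line(line):
    """Turn one key=value record into a dict; quoted values keep their spaces."""
    return {k: (q if v.startswith('"') else v) for k, v, q in FIELD.findall(line)}


def analyze(log_text):
    """Return a finding for every scheduled-task creation that looks suspicious."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        cmd = rec.get("CommandLine", "")
        if not rec.get("Image", "").lower().endswith("schtasks.exe"):
            continue
        if "/create" not in cmd.lower():
            continue
        opts = {k.lower(): v for k, v in SWITCH.findall(cmd)}
        target = opts.get("tr", "").lower()
        parent = rec.get("ParentImage", "").lower().rsplit("\\", 1)[-1]
        reasons = []
        if any(d in target for d in USER_WRITABLE):
            reasons.append("action runs from a user-writable directory")
        if opts.get("ru", "").upper() == "SYSTEM":
            reasons.append("task runs as SYSTEM")
        if parent in SCRIPT_HOSTS:
            reasons.append(f"created from {parent} (scripted)")
        if reasons:
            findings.append({"task": opts.get("tn"), "target": opts.get("tr"), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f["task"], "->", f["target"], ";", "; ".join(f["reasons"]))
```

On the constructed sample the benign Backup task created from Explorer is not flagged, while the two tasks created from a script host are.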

Data theft, including captured keystrokes, screenshots, emails, videos, and other espionage-related information, occurs in 61% of attacks.

Another notable change in tactics concerns the initial compromise vector. RDP access, which used to be widely traded on darknet markets, is steadily declining as attackers increasingly exploit software vulnerabilities instead. The vulnerabilities most commonly exploited to penetrate a victim's network in Q4 2021 were CVE-2021-34473 and CVE-2021-26855 in Microsoft Exchange, and CVE-2018-13379 in Fortinet firewalls.