A 2021 report from Atlas VPN pegs ransomware cost to victims at $45 million in 2021. The year also boasts of some largest payouts made by victims.
In a ransomware attack, threat actors exploit the system vulnerability, encrypt data, block or lock users and demand payment. These are digital demands through cryptocurrency in exchange for the decryption key. And as the attacks get viler, the modus operandi is to steal sensitive data and threaten to publish it on the dark web, invoking panic and triggering mayhem at the victim’s end, in turn forcing them to give in to the ransomware demand.
Leading payments
- Conti, REvil/Sodinokib, DarkSide and RagnarLocker were the much talked about ransomware groups that extorted millions from the victims.
- Conti ransomware group received the most payments in ransom, nearly $13 million, due to its double extortion technique, which not only encrypts data but also threatens to leak it online.
- The second on the charts is the Russia-based REvil/Sodinokibi group, which extorted $12.13 million in 2021 alone. REvil is one of the most prominent ransomware-as-a-service provider (RaaS).
- The DarkSide group extracted $4.67 million in ransom. They announced their RaaS in August of 2020 and became known for their professional operations and large ransoms.
- Close at heel were RagnarLocker at $4.54 million and MountLocker at $4.22 million in ransom from the exploits.
William Sword, cybersecurity writer and researcher at Atlas VPN, opined, ”Cybercriminals can shut down huge organizations, highlighting a massive issue — many companies have left their infrastructure and cybersecurity vulnerable to hackers. Businesses must take responsibility and secure their systems before hackers can launch even more disruptive attacks.”
The Ransom Loot
Large organizations, essential services, and infrastructures across the globe have been thoughtfully targeted to cause significant disruption and loss to business and brand image. Few names that continue to be quoted as examples for their colossal payouts are JBS USA, Colonial Pipeline and Exagrid.
The world’s largest meat producer, JBS suffered a ransomware attack, which disrupted its meat slaughter operations, and the company was forced to shut down some of its food production sites on May 31, affecting thousands of employees. The FBI attributed the attack to the REvil group. In a media statement, JBS confirmed paying a ransom of $11 million (301 Bitcoins).
The DarkSide ransomware attack on Colonial Pipeline cost the organization $4.4 million (75 Bitcoins). Due to the attack, many Americans had to deal with gas shortages and price spikes for weeks. Joseph Blount, Colonial Pipeline’s CEO, said, paying ransom is “highly controversial.”
Backup appliance maker Exagrid paid $2.6 million (50.75 Bitcoins) to Conti ransomware hackers. 800GB of data related to employees, customers, and other confidential information was at stake. Hackers threatened to sell the stolen data on the dark web if Exagrid did not pay the ransom.
While ransomware attacks continue to wreak havoc and disrupt businesses, the defenses too need to evolve and effectively detect the new strains to avoid further damage. With evolving technologies, organizations need to have strong end-to-end security with a zero trust approach.