Ransomware payments hit record in 2021, India ranks 2nd in JAPAC region

Ransomware payments hit new records in 2021 as cybercriminals increasingly turned to Dark Web “leak sites” where they pressured victims to pay up by threatening to release sensitive data, according to research released on Friday from Unit 42 by Palo Alto Networks, the global cybersecurity leader. India witnessed a 218 per cent rise in ransomware attacks in 2021.

According to The 2022 Unit 42 Ransomware Threat Report, India ranks 10th globally in the number of ransomware attacks, and ranks second in the JAPAC region.

The average ransom demand in cases worked by Unit 42 incident responders rose 144 per cent in 2021 to $2.2 million, while the average payment climbed 78 per cent to $541,010, according to the report. The most affected industries were professional and legal services, construction, wholesale and retail, healthcare, and manufacturing.

“In 2021, ransomware attacks interfered with everyday activities that people all over the world take for granted – everything from buying groceries, purchasing gasoline for our cars to calling 911 in the event of an emergency and obtaining medical care,” said Jen Miller-Osborn, deputy director, Unit 42 Threat Intelligence.

The Conti ransomware group was responsible for the most activity, accounting for more than 1 in 5 of cases worked by Unit 42 consultants in 2021. REvil, also known as Sodinokibi, was No 2  at 7.1%, followed by Hello Kitty and Phobos (4.8 per cent each). Conti also posted the names of 511 organizations on its Dark Web leak site, the most of any group.

The report describes how the cyber extortion ecosystem grew in 2021, with the emergence of 35 new ransomware gangs. It documents how criminal enterprises invested windfall profits into creating easy-to-use tools in attacks that increasingly leverage zero-day vulnerabilities.

The number of victims whose data was posted on leak sites rose 85% in 2021, to 2,566 organizations, according to Unit 42’s analysis. Around 60 per cent of leak site victims were in the Americas, followed by 31 per cent for Europe, the Middle East and Africa, and then 9 per cent in the Asia-Pacific region.

Almost 42 per cent of total attacks in India targeted Maharashtra. Top sectors that were impacted in India include, software and services, capital goods and the public sector. Most active ransomware groups in India were Lockbit2.0, Avaddon and Conti.

India specific points

·     218 % increase in ransomware attacks as compared to 2020

·     India ranks 10th globally in number of ransomware attacks; Ranks 2nd in JAPAC region

·     42% of total attacks in India targeted Maharashtra

·     Top sectors being targeted in India are Software & Services, Capital Goods, and the Public Sector

·     Most active ransomware groups in India were Lockbit2.0, Avaddon and Conti