Cybercriminals have started to use double extortion methods in ransomware attacks. Attackers not only encrypt your data but also threaten to sell your business's confidential information if the ransom is not paid. That leaves some organizations with no other choice but to pay the criminals. According to data presented by Atlas VPN, a U.S.-based virtual private network organization, ransomware has already cost victims $45 million in 2021. Some of the ransom payments made this year are the largest ones we have seen yet.
The Conti ransomware group has received the most in ransom payments, at nearly $13 million in total. Conti is double extortion ransomware, which not only encrypts data but also threatens to leak it online. The group primarily targets organizations such as hospitals, 911 dispatch carriers, and law enforcement agencies, causing life-threatening situations.
The second-highest total went to the REvil/Sodinokibi group, which has extorted $12.13 million in 2021 so far. REvil is a Russia-based criminal group and one of the most prominent ransomware-as-a-service (RaaS) providers. REvil targets large organizations, which enables it to obtain massive ransom payments.
The DarkSide group forced $4.67 million in ransom out of their victims in 2021. They announced their RaaS in August of 2020 and became known for their professional operations and large ransoms. DarkSide has publicly stated that they do not attack schools, hospitals, or other non-profit organizations but rather large businesses. RagnarLocker extorted $4.54 million in ransom, and MountLocker took away $4.22 million from their victims in 2021.
Many hacker groups specifically target large organizations, as the disruption causes the most damage. Some companies might pay a ransom just so their business can go back to normal as soon as possible without affecting more people. For example, the world’s largest meat producer, JBS USA, fell victim to a REvil attack and paid one of the largest ransoms of all time: $11 million (301 bitcoins). JBS was forced to shut down some of its food production sites on May 31st, affecting thousands of employees. The attack threatened to disrupt the food supply chain and raise already high food prices.
The DarkSide ransomware attack on United States gas supplier Colonial Pipeline cost the organization $4.4 million (75 bitcoins). Luckily, the FBI was able to recover $2.3 million (64 bitcoins) by tracking down the criminals’ wallet. Due to the attack, many Americans had to deal with gas shortages and price spikes for weeks to come, mostly on the East Coast of the US.
Backup appliance maker ExaGrid paid $2.6 million (50.75 bitcoins) to Conti ransomware hackers. The cybercriminals stole 800GB of data related to employees, customers, and other confidential information. The hackers threatened to sell the stolen data on the dark web if ExaGrid did not pay the ransom.
Cybercriminals can shut down huge organizations, highlighting a massive issue — many companies have left their infrastructure and cybersecurity vulnerable to hackers. Businesses must take responsibility and secure their systems before hackers can launch even more disruptive attacks.
The data is based on numbers collected by the ransomwhe.re website, an open, crowdsourced ransomware payment tracker that reports over $92 million.