eSentire report: six cybercriminal gangs gained $45 million this year from hundreds of institutions and firms

May 20, 2021 12:37 GMT

If you were to look at the statistics, every week a new organization is targeted by a ransomware attack. Nevertheless, a new study from eSentire's security research team and Dark Web researcher Mike Mayes reveals that the events we see in the news are just a fraction of the true number of victims.

According to the eSentire Ransomware Study, six ransomware groups infected 292 organizations between January 1 and April 31, 2021. The study estimates that the groups made at least $45 million from the attacks and describes several attacks that were unreported.

The eSentire team and Mayes concentrated entirely on the Ryuk/Conti, Sodin/REvil, CLOP, and DoppelPaymer ransomware gangs, as well as two new yet prominent gangs, DarkSide and Avaddon.

Ransomware attacks are focused on specific industries and regions

According to the study, each gang focuses on specific industries and regions of the world. The Ryuk/Conti gang has targeted 352 organizations since 2018, including 63 this year, with an emphasis on manufacturing, construction, and transportation companies.

Dozens of their victims have never been made public, but the most prominent organizations targeted include the Broward County School District and the French cup company CEE Schisler, both of which refused to pay the exorbitant ransoms, according to the study.

Aside from manufacturing, the gang made headlines in 2020 for hacking into the IT networks of small governments throughout the United States, including Jackson County, Georgia; Riviera Beach, Florida; and LaPorte County, Indiana. All three local governments paid the ransoms, which ranged from $130,000 to nearly $600,000. The gang also spent a large part of 2020 targeting local hospitals.

Cybercriminals managed to attack Acer and Quanta

The people behind the Sodin/REvil ransomware, like the Ryuk/Conti gang, target healthcare organizations while also focusing on laptop manufacturers. Of an estimated 161 victims in total, 52 were attacked in 2021 alone. Moreover, they made international headlines with attacks on Acer and Quanta, two of the world's largest technology manufacturers. Quanta, which manufactures Apple notebooks, received a $50 million ransom demand. When the company refused, the Sodin/REvil gang responded by leaking detailed designs of an Apple product.

DoppelPaymer/BitPaymer made a name for itself by targeting government and educational institutions. The FBI issued an alert about the ransomware in December, adding that it was being used to target critical infrastructure such as hospitals and emergency services.

According to the report, Clop became notorious for going through an organization's files and contacting clients or associates to pressure the victim into paying a ransom.

DarkSide has recently been in the news for its massive attack on the Colonial Pipeline, which sparked a political firestorm in the United States. According to the study, the group is one of the newest of the leading ransomware gangs, having emerged in late 2020.