Ransomware and extortion attacks have become a common and worrying threat. Furthermore, the availability of network access via IABs has been playing a key role in promoting these types of attacks. This report by KELA provides an overview of the ransomware and extortion landscape in 2022.

Some stats your way

In 2022, KELA recorded almost 2,800 victims of ransomware and extortion attacks across various platforms, who were listed on approximately 60 different platforms.
  • The average ransom demand was around $ 3.7 million.
  • LockBit, BlackCat, Black Basta, Hive, and Conti accounted for over 50% of all victims. 
  • The U.S. was the most affected at 40%, followed by the U.K, Germany, Canada, and France. 
  • Initial access to corporate systems totaled over 2,200 offers for a price of $4.5 million.

IABs paving the way

  • A report by Group-IB stated that the number of cases of corporate access being sold on the dark web by Initial Access Brokers (IABs) has seen a significant increase, doubling to 2,348 cases detected between H2 2021 and H1 2022.
  • In 2022, KELA observed several ransomware and extortion attacks that appear to have originated from network access offered for sale among cybercriminals. The threat actors involved in these attacks included Blackbyte, Quantum, Hive, Alphv, and the alleged successor of REvil.

The bottom line

Cybercriminals have discovered new ways to profit from their malicious activities. Despite ongoing efforts by governments to combat ransomware, it is expected to remain a major threat to businesses and governments worldwide in 2023. The steady number of victims is a testament to the ingenuity of ransomware groups and the willingness of victims to pay for their data to be restored.
Cyware Publisher

Publisher

Cyware