Ransomware still winning: Average ransom demand jumped by 45%

Group-IB unveils its guide to the evolution of threat number one, “Ransomware Uncovered 2021/2022”. The findings of the second edition of the report indicate that the ransomware empire kept its winning streak going, with the average ransom demand growing by 45% to reach $247,000 in 2021.

Ransomware gangs have also become way greedier since 2020. A record-breaking ransom of $240 million ($30 mln in 2020) was demanded by Hive from MediaMarkt. Hive and another 2021 newcomer to Big Game Hunting, Grief, quickly made their way into the top 10 gangs by the number of victims posted on dedicated leak sites (DLS).

Ransomware assembly line

The new report takes stock of the most up-to-date tactics, techniques, and procedures (TTPs) of ransomware threat actors observed across all geographic locations by the Group-IB Digital Forensics and Incident Response (DFIR) team. In addition to the analysis of more than 700 attacks investigated, the report also examines ransomware DLS.

Human-operated ransomware attacks have led the global cyber threat landscape by solid margins over the last three years. The rise of initial access brokers and the expansion of Ransomware-as-a-Service (RaaS) programs have become the two main driving forces behind the continuous growth of ransomware operations. RaaS made it possible for low-skilled cybercriminals to join the game, ultimately bringing the victim numbers up.

Based on the analysis of more than 700 attacks in 2021, experts estimated that the ransom demand averaged $247,000 in 2021, 45% more than in 2020. Ransomware has also grown more sophisticated, which is clearly visible in victims’ downtime: it increased from 18 days in 2020 to 22 days in 2021.

RaaS programs started offering their affiliates not only ransomware builds, but also custom tools for data exfiltration to simplify and streamline operations. As such, the double extortion technique became even more widespread: sensitive victim data was exfiltrated as leverage to get the ransom paid in 63% of cases analyzed. Between Q1 2021 and Q1 2022, ransomware gangs posted data belonging to more than 3,500 victims on DLS.

Most companies whose data was posted on DLS by…


Putin promises to bolster Russia’s IT security

President Vladimir Putin said on Friday that the number of cyber attacks on Russia by foreign “state structures” had increased several times over and that Russia must bolster its cyber defences by reducing the use of foreign software and hardware.

The websites of many state-owned companies and news websites have suffered sporadic hacking attempts since Russia sent its armed forces into Ukraine on Feb. 24, often to show information that is at odds with Moscow’s official line on the conflict.

“Targeted attempts are being made to disable the internet resources of Russia’s critical information infrastructure,” Putin said, adding that media and financial institutions had been targeted.

“Serious attacks have been launched against the official sites of government agencies. Attempts to illegally penetrate the corporate networks of leading Russian companies are much more frequent as well,” he said.

In a meeting with the Security Council, Putin said that Russia would need to improve information security in key sectors and switch to using domestic technology and equipment.

“Restrictions on foreign IT, software and products have become one of the tools of sanctions pressure on Russia,” Putin said. “A number of Western suppliers have unilaterally stopped technical support of their equipment in Russia.”

He said cases of programmes getting blocked after being updated were becoming more frequent.

Data leaks

State communications regulator Roskomnadzor on Wednesday said it had blocked a website that was hosting the personal data of a number of companies’ clients. It did not name the companies.

Russia’s second-biggest bank VTB (VTBR.MM) was quoted by media as saying some customers’ phone numbers had been leaked but there was no risk to their funds.

E-commerce player Wildberries and online marketplace Avito denied reports in Russian media that their data had been leaked.

A data leak in early March exposed the personal details of more than 58,000 people on tech giant Yandex’s (YNDX.O) food delivery app, Yandex.Eda.

Yandex.Eda competitor Delivery Club on Friday apologised to users after it suffered a data leak on orders placed…


Is your employer watching you? Demand for employee surveillance software skyrockets

This is the weekly Careers newsletter.

Déjà Leonard is a copywriter and freelance journalist based in Calgary.

You log in to your work computer, coffee in hand, sweatpants on, ready to work. It’s just you, your tasks for the day and anyone else you might share a living space with – or is it?

According to a recent report from top10vpn.com, an internet security firm that reviews VPN services, the demand for employee surveillance software is up 59 per cent since the pandemic started.

While this may seem sinister to some, and unsurprising to others, the uptick in interest isn’t completely unwarranted. One study reveals that eight in 10 remote workers in the U.S. admit to slacking off during work hours, and more than 43 per cent admitted to visiting pornographic websites on their laptops.

The problem with surveillance software

“The rapid rise of such invasive software risks setting new standards of workplace surveillance and dramatically undermining employees’ right to privacy,” the top10vpn report states.

While privacy is a concern, when you dig deeper, the more prominent issue for both employers and employees may be withdrawal.

Research from Behavioural Scientist suggests that when people know they are being monitored, the breakdown in trust can lead to disengagement, which ultimately, and somewhat ironically, leads to even less productivity.

The report shows that two of the most popular software products for monitoring employees included Hubstaff and FlexiSPY. Here’s a quick look at some of the features of these products.

Hubstaff

  • Screen monitoring
  • Keystroke logging (recording the keys struck on a keyboard)
  • Location tracking
  • Time tracking

FlexiSPY

Everything Hubstaff can do, plus:

  • Remote-control take over
  • Call tapping
  • Webcam surveillance
  • Instant messaging (IM) monitoring

How governments and people are taking action

In Canada, governments are starting to look at the issue. Recently, Ontario became the first province to require companies with more than 25 employees to disclose if and how they are being monitored electronically including through…


Ransomware attack exposed data of half-million Chicago students, staff

The personal information of more than half a million Chicago Public Schools students and staff was compromised in a ransomware attack last December, but the vendor didn’t report it to the district until last month, officials said.

The data breach occurred December 1 and technology vendor Battelle for Kids notified CPS on April 26, the district said Friday.

A server used to store student and staff information was breached and four years’ worth of records were accessed, CPS said.

In total, 495,448 student and 56,138 employee records were accessed from the 2015-16 through 2018-2019 school years, CPS said.

The data included students’ names, schools, dates of birth, gender, CPS identification numbers, state student identification numbers, class schedule information and scores on course-specific assessments used for teacher evaluations.

Employee data accessed for those years included names, employee identification numbers, school and course information and emails and usernames.

CPS said the breached server did not store any other records.

There were no Social Security numbers, no financial information, no health data, no current course or schedule information, no home addresses and no course grades, standardized test scores, or teacher evaluation scores exposed in this incident, the district said in a statement.

CPS said there is no evidence the data has been misused, posted or distributed, but offered affected families a year of credit monitoring and identity theft protection.

CPS representatives said the district has been informing affected families and staff and would also notify those whose records weren’t accessed to provide them with peace of mind.

“The FBI and Department of Homeland Security both investigated the breach and the vendor is monitoring and will continue to monitor the internet in case the data is posted or distributed,” CPS said.

Battelle for Kids was hired to help district leaders conduct CPS’ REACH teacher evaluation program.

Those evaluations take into account the growth in students’ academic performance each year.

CPS said it was notified of the breach by Battelle for…