EXECUTIVE SUMMARY
During the last decade ransomware has become one of the most devastating types of attacks, impacting organisations of all sizes worldwide. By quickly adapting to new business models, with advanced threat actors leveraging the cybercrime ecosystem for a better distribution of labour, ransomware has significantly increased its reach and impact. No business is safe.
This report aims to bring new insights into the reality of ransomware incidents by mapping and studying ransomware incidents from May 2021 to June 2022. The findings are grim. Ransomware has adapted and evolved, becoming more efficient and causing more devastating attacks. Businesses should be ready not only for the possibility of their assets being targeted by ransomware but also for their most private information being stolen and possibly leaked or sold on the Internet to the highest bidder.
The main highlights of the report include the following:
• A novel LEDS matrix (Lock, Encrypt, Delete, Steal) that accurately maps ransomware capabilities based on the actions performed and assets targeted;
• A detailed and in-depth analysis of the ransomware life cycle: initial access, execution, action on objectives, blackmail, and ransom negotiation;
• Collection and in-depth analysis of 623 ransomware incidents from May 2021 to June 2022;
• More than 10 terabytes of data stolen monthly by ransomware from targeted organisations;
• Based on this analysis, approximately 58.2% of all the stolen data contains GDPR personal data;
• In 95.3% of the incidents it is not known how threat actors obtained initial access to the target organisation;
• It is estimated that more than 60% of affected organisations may have paid ransom demands;
• At least 47 unique ransomware threat actors were found.
The report also highlights issues with the reporting of ransomware incidents and the fact that we still have limited knowledge and information regarding such incidents. The analysis in this report indicates that publicly disclosed incidents are just the tip of the iceberg.
Along with a general recommendation to contact the competent cybersecurity authorities and law enforcement in cases of ransomware attacks, several other recommendations are put forward, both to build resilience against such attacks and to mitigate their impact.