The Number of Ransomware Victims is Greatly Underreported

The Number of Ransomware Victims is Greatly Underreported

Is the number of ransomware victims accurate?

It seems hard to believe that ransomware numbers are underreported. After all, hardly a week goes by without news of another high-profile victim. And most days, there is news of a small business being locked out of its systems.

Yet the eSentire Ransomware Report claims the official numbers run far below the actual totals. The report said that six primary ransomware gangs managed to compromise almost 300 organizations in the first four months of the 2021. Researchers estimate that their haul came to close to $50 million and believe that many more victims pay up and manage to avoid publicity.

Their reasons for keeping quiet vary. Some hope to avoid damage to their brand reputation. Another motivation might be maintenance of share price or seeking to avoid publicity that might endanger massive financial deals about to close.

Ransomware Gang Territories

The report estimates that the various groups involved split the booty between them. They each have a different speciality. Each gang focuses on particular industries and regions of the world, according to the report.

The mob behind the Colonial Pipeline attack is known as DarkSide. In the first six months of their existence, they have managed to impact about 100 organizations. Their business model is that of ransomware-as-a-service. They provide freelancers and contractors with tools to infiltrate corporate defenses and then get a cut of the ransom.

The good news is that increased law enforcement scrutiny caused DarkSide to go shut down and underground, at least temporarily. Energy providers have become something of a specialty for DarkSide, with Brazilian electric utility Companhia Paranaense de Energia also held to ransom this year.

Another growing gang is Ryuk/Conti. It has attacked more than 35 organizations since 2018. 63 of them took place this year. Instead of going after energy and infrastructure, their preference is manufacturing, construction, transportation, education, and local government. Recent victims include Broward County School District, CEE Schisler, and government systems in Georgia, Florida, and Indiana. Three of the local governments paid the ransoms (anywhere from $130,000 to $600,000), but the others did not.

Like the Ryuk/Conti gang, the people behind the Sodin/REvil ransomware focus on healthcare organizations while also devoting their efforts to attacking laptop manufacturers. Of their 161 victims, 52 were hit in 2021 and they made international news with attacks on Acer and Quanta, two of the world’s biggest technology manufacturers.

Stern Warning on Ransomware

The eSentire report include a stern warning:

“Another sobering realization is that no single industry is immune from this ransomware scourge. These debilitating attacks are happening across all regions and all sectors, and it is imperative that all companies and private-sector organizations implement security protections to mitigate the damages stemming from of a ransomware attack.”

That includes ensuring all vital patches have been deployed on every server and endpoint, and that no hidden vulnerabilities exist for hackers to exploit.

How to Prevent Ransomware Attacks

Syxsense Secure is a patch management platform that includes IT management and vulnerability scanning in one console. It not only shows you what’s wrong, but also deploys the solution.

Gain visibility into OS and third-party vulnerabilities like defects, errors, or misconfigurations of components, while increasing cyber resilience with automated patching and security scans.

Start Your Free Trial of Syxsense

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.