Security News > 2021 > March > Ransomware is a multi-billion industry and it keeps growing
An analysis from global cybersecurity company Group-IB reveals that ransomware attacks more than doubled last year and increased in both scale and sophistication.
Pulling data from more than 500 attacks analyzed in incident response jobs, Group-IB was able to provide an overview of the evolution of the ransomware business in 2020 and the tactics, techniques, and procedures used in the events leading to encrypting victim systems.
The ransomware scene got larger and more dynamic, with operations of some prominent players being impacted or terminated either due to law enforcement efforts [1, 2] or because they retired [1, 2, 3]. More and more actors now have leak sites where they publish stolen data from victims that did not pay the ransom.
"Group-IB DFIR team observed that 64% of all ransomware attacks it analyzed in 2020 came from operators using the RaaS model. The prevalence of affiliate programs in the underground was the underlying trend of 2020.".
To help defenders stay up-to-date with how ransomware gangs operate, Group-IB mapped the most common TTPs observed during their 2020 incident response engagements according to the MITRE ATT&CK knowledge base of adversary tactics.
Oleg Skulkin, senior digital forensics analyst at Group-IB, says that ransomware has become "An organized multi-billion industry with competition within, market leaders, strategic alliances, and various business models."