Security News > 2021 > December > PYSA ransomware behind most double extortion attacks in November
Security analysts from NCC Group report that ransomware attacks in November 2021 increased over the past month, with double-extortion continuing to be a powerful tool in threat actors' arsenal.
The spotlight in November was stolen by the PYSA ransomware group, which had an explosive rise in infections, recording an increase of 50%. Other dominant ransomware groups are Lockbit and Conti, which launched attacks against critical entities, albeit fewer than in previous months.
Like almost all ransomware groups currently, PYSA exfiltrates data from the compromised network and then encrypts the originals to disrupt operations.
Another actor the NCC group report focuses on is Everest, a Russian-speaking ransomware gang who currently uses a new extortion method.
"While selling ransomware-as-a-service has seen a surge in popularity over the last year, this is a rare instance of a group forgoing a request for a ransom and offering access to IT infrastructure - but we may see copycat attacks in 2022 and beyond," comments NCC Group's report.
Ransomware is a shifting threat that quickly evolves to new defenses, so several security precautions and measures are required to protect against it sufficiently.
News URL
Related news
- Casio says data of 8,500 people exposed in October ransomware attack (source)
- Preventing the next ransomware attack with help from AI (source)
- Ransomware on ESXi: The mechanization of virtualized attacks (source)
- OneBlood confirms personal data stolen in July ransomware attack (source)
- Enzo Biochem settles lawsuit over 2023 ransomware attack for $7.5M (source)
- Medusa ransomware group claims attack on UK's Gateshead Council (source)
- Ransomware attack forces Brit high school to shut doors (source)
- Ransomware gangs pose as IT support in Microsoft Teams phishing attacks (source)
- Security pros more confident about fending off ransomware, despite being battered by attacks (source)
- Only 13% of organizations fully recover data after a ransomware attack (source)