Evan Clark Jun 4, 2021 12:30:43 PM 9 min read

Ransomware Gangs: Who's Behind the Rise in Ransomware Attacks?

Have you noticed a trend in the news lately? It seems like every day there is a major ransomware incident making the headlines. In fact, ransomware payments are up 300%, according to newly released figures.

Another study found a 25% increase in healthcare data breaches in 2020, and these attacks aren't just stealing personal information. They're also infiltrating crucial systems and seizing up the critical infrastructure we rely on. The most recent example was the brazen attack on JBS, the world's largest meat processor, which knocked out production across Australia, the US, and Canada. What and who is behind the bold rise in ransomware attacks in 2021?


Why Ransomware is on the Rise

Ransomware attacks against major corporations, local governments, and small businesses alike are climbing, with hackers taking computer systems hostage and extorting big payouts. This year we have seen Russian ransomware gangs launch unusually aggressive ransomware attacks on our critical infrastructure and cause public panic. These are risky attacks that bring a lot of notoriety to the criminals, but the risk has largely paid off.

The recent attack on Colonial Pipeline resulted in some chaotic behavior in the United States, with people hoarding gas in Rubbermaid bins and other unimaginably unsafe containers. For their part, the gang responsible, called DarkSide, walked away with a $5 million payday. Despite advice from the F.B.I. NOT to pay a ransom demanded by ransomware attackers, many companies panic, especially those intimately tied to critical infrastructure, and pay extortionate fees to the criminals. Fear is profitable and business is booming for these brazen hackers.

[Figure: Ransomware on the rise: timeline of ransomware evolution from 1989 to 2021]

As with any market, as profitability goes up, so too does the number of new entrants into the market. I believe that is what we are seeing here. Hackers are commanding multi-million dollar ransoms and are often being paid quickly in anonymous digital currencies like Bitcoin. The $5 million payday to DarkSide represents a 2,645,403% increase in the value of the ransom demanded from the original $189 ransom that was asked for during the very first ransomware attack 3 decades ago.

Ransomware Gangs: Who’s Behind the Attacks

The White House believes a Russian ransomware gang going by the name REvil is responsible for the attack on JBS. This gang of cybercriminals is part of an alarming trend of organized cybercrime syndicates. The incident at JBS comes just weeks after a ransomware gang known as DarkSide brought fears of an oil shortage after a successful ransomware attack on Colonial Pipeline. In March, we saw Ryuk ransomware infect healthcare organizations nationwide and locally at the University of Vermont Health Center.

DarkSide: the Russian group walked away with millions of dollars after their ransomware attack on Colonial Pipeline that led to a major supply shortage of fuel and panic buying right across the country.

REvil: this Russian gang has been active since 2019, pulling off high-profile attacks targeting the likes of then-president Donald Trump, pop singer Lady Gaga, and Madonna in May 2020. In April 2021 the group stole plans for upcoming Apple product releases from one of the tech giant's suppliers. They then followed up a month later with their bold attack on JBS.

Unfortunately, ransomware gangs show no sign of slowing down their activity. In fact, they appear to be getting bolder and more aggressive with each successful attack. With millions of dollars to invest back into their operations, we will likely continue to see attacks becoming ever more sophisticated. These high-profile attacks are great recruiting tools for the gangs to add new talented and creative cybercriminals to their ranks.

The U.S. Cybersecurity and Infrastructure Security Agency recommends organizations follow a "defense-in-depth" or "layered" approach to security for protection against ransomware. Some examples of layers of security to prevent ransomware include:

Twinstate Technologies is one of the top IT Security providers in Upstate New York and New England. If you have any concerns about ransomware or your security posture, please reach out to us and our experts will be happy to consult with your team.
