Everything you need

Analysis: 740 organizations faced ransomware attacks and had their data posted to leak sites in Q2 2021, up 47% QoQ; attacks on retail sector grew 183% QoQ

According to a recent research report by cybersecurity firm Digital Shadows, more than 700 companies were hit with ransomware, and their data was posted to data leak websites in the second quarter of 2021.

Of the nearly 2600 victims identified on ransomware leak sites, 740 victims were listed in the second quarter of 2021. This represents a 47% increase over the first quarter of 2014.

The report outlines the major events of the quarter, which included the DarkSide attack on Colonial Pipeline, the attack on global meat processor JBS, and the increase in police action by US agencies in addition to European agencies.

However, Digital Shadows’ Photon Research Team discovered that underneath the surface, new ransomware patterns were emerging. After the Maze ransomware group was instrumental in popularising the idea of a data leak site, double extortion techniques are now popular among groups seeking to cause the most destruction after attacks.

Digital Shadows tracks the information published to the 31 Dark Web leak sites, which gives them access to how many organisations are downloading data in ransomware attacks and then posting it online.


Information from companies operating in the industry-related goods and services industry was popular across Dark Web leak sites, according to the report. Retail, construction and materials technology, healthcare, and other companies also made up the majority of organisations targeted.

Retailers have seen the largest increase in ransomware-related attacks, with Digital Shadows researchers finding a 183% increase in ransomware attacks between Quarter 1 and the second quarter of this year.

The Conti group was the most active in terms of activities, followed by Avaddon, PYSA, and REvil.

“This marks the third consecutive period in which we’ve seen Conti being the one most involved of all of the victims being referred in their DLS. Conti is thought to be connected to Ryuk ransomware, which continuously and brutally targeted organisations in crucial sectors, including the emergency service,” the report said in announcing the group’s devastating attack on the Irish healthcare system.

However, the report points out that, on the overall market for ransomware, a lot of groups vanished or appeared in the middle of the night. According to Digital Shadows, Avaddon, Babuk Locker, DarkSide, and Astro Locker ransomware groups all shut down operations in Q2 of this year, while Vice Society, Hive, Prometheus, LV Ransomware, Xing, and Grief ransomware operations emerged with distinct Dark Web leak sites.

The report also states that 60% of victims are located in the US, with only Canada experiencing a decrease in ransomware-related attacks from the first quarter of Q1 until Q2.

Over 350 US companies were affected by ransomware during Q2 as compared to 46 organisations from France, 39 from the UK, and 35 organisations from Italy.

The authors of the report were unsure if Q3 will see an increase in attacks that resemble the Kaseya ransomware attack, in which REvil operators exploited the zero-day vulnerability to attack over 40 managed service providers.

analysis qoq qoqgreigzdnet

Leave A Reply

Your email address will not be published.