#report #cybercrime #HTCT #ransomware
Let's take a look at the “Corporansom: threat number one” highlights⬇️
🔹According to data leak sites, in 2021, the most active #ransomware groups were #Conti, #Lockbit and #Avaddon.
🔹Almost half of the companies whose data was released on DLS in 2021 originate from the US🇺🇸, followed by Canada🇨🇦 and France🇫🇷.
🔹According to the DLS data, the main industries targeted in 2021 were #manufacturing, real estate, and #transportation. In 2020, the situation was almost the same, which suggests that attackers mainly target the same types of companies that they believe to be the most profitable.
🔹In H2 2020 – H1 2021, #RaaS gangs increased the conversion by posting compromised data online on their Data Leak Sites (#DLS). It has become very popular, with the number of victims whose data has been published on DLSs having grown by 935%.
🔹SoftPerfect Network Scanner, Cobalt Strike Beacon, and ADFind were the top 3 most popular tools encountered by Group-IB experts in their response to #ransomware attacks.
Download the report now for more insights -> https://bit.ly/31NMsRX
Let's take a look at the “Corporansom: threat number one” highlights⬇️
🔹According to data leak sites, in 2021, the most active #ransomware groups were #Conti, #Lockbit and #Avaddon.
🔹Almost half of the companies whose data was released on DLS in 2021 originate from the US🇺🇸, followed by Canada🇨🇦 and France🇫🇷.
🔹According to the DLS data, the main industries targeted in 2021 were #manufacturing, real estate, and #transportation. In 2020, the situation was almost the same, which suggests that attackers mainly target the same types of companies that they believe to be the most profitable.
🔹In H2 2020 – H1 2021, #RaaS gangs increased the conversion by posting compromised data online on their Data Leak Sites (#DLS). It has become very popular, with the number of victims whose data has been published on DLSs having grown by 935%.
🔹SoftPerfect Network Scanner, Cobalt Strike Beacon, and ADFind were the top 3 most popular tools encountered by Group-IB experts in their response to #ransomware attacks.
Download the report now for more insights -> https://bit.ly/31NMsRX
Group-IB
Hi-Tech Crime Trends 2021/2022. Uninvited Guests: The Sale of Access to Corporate Networks | Group-IB
Analysis of dark web forums to understand the sale of access to compromised infrastructure.
#report #cybercrime #HTCT #ransomware
Group-IB presents the third volume of its Hi-Tech Crime Trends 2021/2022 report “Big money: threats to financial sector” ⚡️⚡️⚡️
❗️Organizations in the financial sector face a diverse threat landscape, as they are often the preferred targets of financially motivated cybercriminals. In H2 2020 - H1 2021, the cyber threat that stood out as the most damaging to financial sector organizations was ransomware.
🔺In the review period the number of financial organizations whose data was released on DLS increased to 127 compared to 50 a year earlier. Group-IB identified at least 24 groups attacking companies in the financial sector. The most prolific among them were #REvil, #Conti, and #Avaddon.
🔺The market for access to corporate networks has grown significantly. Compared to the previous period, the number of initial access brokers (IABs) has increased from 18 to 47 , while the number of known sale incidents went up from 31 to 95.
Download link -> https://bit.ly/3dLL2tJ
Group-IB presents the third volume of its Hi-Tech Crime Trends 2021/2022 report “Big money: threats to financial sector” ⚡️⚡️⚡️
❗️Organizations in the financial sector face a diverse threat landscape, as they are often the preferred targets of financially motivated cybercriminals. In H2 2020 - H1 2021, the cyber threat that stood out as the most damaging to financial sector organizations was ransomware.
🔺In the review period the number of financial organizations whose data was released on DLS increased to 127 compared to 50 a year earlier. Group-IB identified at least 24 groups attacking companies in the financial sector. The most prolific among them were #REvil, #Conti, and #Avaddon.
🔺The market for access to corporate networks has grown significantly. Compared to the previous period, the number of initial access brokers (IABs) has increased from 18 to 47 , while the number of known sale incidents went up from 31 to 95.
Download link -> https://bit.ly/3dLL2tJ
#ransomware #research #Conti
Group-IB presents its new report on one of the most dangerous ransomware gangs called Conti. You may have heard about them from the news: a state of emergency was declared in Costa Rica due to a ransomware attack. On April 18, cybercriminals attacked the servers of several ministries. The hackers exfiltrated more than a terabyte of databases, correspondence, and internal documents. When the government refused to pay a ransom of $10 million, the ransomware operators doubled it to $20 million. In their message, the hackers said that the attack on Costa Rica was just a test and hinted that far worse attacks were yet to come.
Conti is considered one of the most successful ransomware groups. Group-IB's latest report "CONTI ARMADA: THE ARMATTACK CAMPAIGN" shares data and detailed information about the techniques, tactics, and tools that Conti uses currently. Click here to download it👈
Group-IB presents its new report on one of the most dangerous ransomware gangs called Conti. You may have heard about them from the news: a state of emergency was declared in Costa Rica due to a ransomware attack. On April 18, cybercriminals attacked the servers of several ministries. The hackers exfiltrated more than a terabyte of databases, correspondence, and internal documents. When the government refused to pay a ransom of $10 million, the ransomware operators doubled it to $20 million. In their message, the hackers said that the attack on Costa Rica was just a test and hinted that far worse attacks were yet to come.
Conti is considered one of the most successful ransomware groups. Group-IB's latest report "CONTI ARMADA: THE ARMATTACK CAMPAIGN" shares data and detailed information about the techniques, tactics, and tools that Conti uses currently. Click here to download it👈
👍3🔥1
#ransomware #research #Conti
Here are some highlights from Group-IB's new report "CONTI ARMADA: THE ARMATTACK CAMPAIGN":
▪️The total number of the group’s victims between 2020 (when Conti started its activity) and March 2021 is 813.
▪️The geography of attacks carried out by Conti is vast and does not include Russia. Most attacks fall on the United States, Canada, the United Kingdom, Germany, France, and Italy.
▪️According to the Group-IB Threat Intelligence team, the group’s fastest attack was carried out in exactly three days, from the moment when Conti penetrated the system to encryption.
▪️Group-IB for the first time analyzed Conti’s “working hours”. On average, Conti “works” 14 hours a day without holidays (except for “New Year holidays”) and weekends. The group starts working closer to noon (GMT+3) and its activity declines only after 9:00 PM.
▪️Just like a legitimate IT business, Conti has its own HR, R&D, OSINT, and even customer support departments.
Click here to download the report 👈
Here are some highlights from Group-IB's new report "CONTI ARMADA: THE ARMATTACK CAMPAIGN":
▪️The total number of the group’s victims between 2020 (when Conti started its activity) and March 2021 is 813.
▪️The geography of attacks carried out by Conti is vast and does not include Russia. Most attacks fall on the United States, Canada, the United Kingdom, Germany, France, and Italy.
▪️According to the Group-IB Threat Intelligence team, the group’s fastest attack was carried out in exactly three days, from the moment when Conti penetrated the system to encryption.
▪️Group-IB for the first time analyzed Conti’s “working hours”. On average, Conti “works” 14 hours a day without holidays (except for “New Year holidays”) and weekends. The group starts working closer to noon (GMT+3) and its activity declines only after 9:00 PM.
▪️Just like a legitimate IT business, Conti has its own HR, R&D, OSINT, and even customer support departments.
Click here to download the report 👈
👍5