2 NEW RANSOMWARE TRENDS + 21 ransomware groups were prominent in data exfiltration attacks during 2020. + The top six groups - Maze, Conti, Egregor, DoppelPaymer, NetWalker and Revil - are responsible for attacks on 80% of the total victims. If we summarize 2020 by pointing out the most notable trend we detected in terms of cybercrime activity, our answer would be the “double-extortion” tactic adopted by the most prolific and notorious ransomware gangs. Although it began at the end of 2019, this trend dramatically intensified and increased in 2020. From encryption to exfiltration Classic ransomware attacks involve an intrusion into a victim’s systems with the final goal of encrypting its computer network and dropping a ransom note, demanding a payment (usually in Bitcoins) in exchange for a decryptor for recovering the victim’s files 2 . However, since there is no guarantee the attackers will indeed recoverthe files once the ransom is paid, victims are typically recommended not to pay the ransom. 2.1 DOUBLE TROUBLE: RANSOMWARE AND DATA EXFILTRATION https://www.cisa.gov/ransomware 300 200 100 Maze Conti Egregor DoppelPaymer Netwalker Revil Pysa Darkside Everest Nefilim Avaddon Clop Ragnar Suncrypt Ranzy Locker LockBit RansomExx Mount Locker Sekhmet Pay2Key No Name 80% The top six groups- 80% of the total victims 260 176 146 130 98 79 46 21 21 21 19 19 18 17 9 8 7 6 6 4 1 Number of victims by Ransomware group and percentage of total 2. 6 | The Ransomware Landscape