Maze ransomware group released exfiltrated data of Allied Universal, after they refused to pay ransom 30% of ransomware attacks included a threat to release data 22% involved exfiltration of data 12+ variants use “double extortion” 50% of ransomware attacks lead to data exfiltration 1,000+ companies worldwide suffered data leaks following a ransomware attack In Q2 2020, 30% of ransomware cases included a threat to release exfiltrated data and 22% of cases actually involved exfiltration of data. The number of variants currently using the “double extortion” tactic has increased to over a dozen variants in Q2 6 . In November 2020, it was published that 50% of ransomware attacks lead to data exfiltration 7 , and in December 2020, researchers found that more than 1,000 companies globally had their data leaked following a ransomware attack, leading them to predict that 2021 will be the “year of extortion”, since cybercriminals move from attacks focused on data encryption to data exfiltration 8 . Furthermore, in some cases, it was observed that ransomware gangs even skipped the ransomware encryption stage and only threatened to publish the stolen data 9 . Our team conducted a statistical analysis of 1,112 cases of ransomware attacks carried out during 2020 that resulted in the publication of data exfiltrated from the victims by the ransomware strain operators. Our analysis revealed that 21 groups were involved in ransomware attacks that resulted in the public release of the data exfiltrated from the ransomware attack victims, in 2020. In addition, we identified that the top six most active ransomware gangs involved in these attacks (by the number of victims) were Maze (260), Conti (176), Egregor (146), DoppelPaymer (130), NetWalker (98) and Revil (79), accounting together to 80% of the total victims. Maze ransomware, the gang that started the “double extortion” trend, leads the chart, even though they shut their operations in October 2020. https://healthitsecurity.com/news/50-of-ransomware-attacks-lead-to-data-exfiltration-payments-hit-234k https://www.acronis.com/en-us/blog/posts/acronis-cyberthreats-report-2021-will-be-year-extortion https://threatpost.com/ransomware-getting-ahead-inevitable-attack/162655/ https://www.coveware.com/blog/q2-2020-ransomware-marketplace-report 7. 8. 9. 6. Nov 2019 Dec 2020 Double extortion ransomware timeline 9 | The Ransomware Landscape