Ransomware operator and corporate-access broker partnerships have prompted the number of organizations hit by double extortion ransomware attacks, or those which had their stolen data exposed on leak sites to increase by 935% over the past 12 months, reports Threatpost.
Group-IB researchers discovered that active initial access brokers rose from 85 to 229 during the same period, while access sale offers increased by threefold. Moreover, the number of ransomware-as-a-service affiliates and new leak sites also grew.
"Poor corporate cyber risk management combined with the fact that tools for conducting attacks against corporate networks are widely available both contributed to a record-breaking rise in the number of initial access brokers," said the report.
Researchers also found that the Conti ransomware group was the most aggressive in leaking exfiltrated data on leak sites this year. Moreover, the US had the most number of double extortion victims, while the manufacturing, education, financial services, health care, and commerce sectors were most hit by such attacks.
Ukraine has been targeted by Russian threat actors in the new Operation Texontodisinformation campaign that also involved spear-phishing and credential exfiltration tactics, according to The Hacker News.
Record high ransomware and data extortion incidents experienced by Western nations last year have prompted former National Security Agency Director Michael Rogers to call for a reevaluation of their cybersecurity defense strategy.