Ransomware operator and corporate-access broker partnerships have prompted the number of organizations hit by double extortion
ransomware attacks, or those which had their stolen data exposed on leak sites to increase by 935% over the past 12 months, reports Threatpost
Group-IB researchers discovered that active initial access brokers rose from 85 to 229 during the same period, while access sale offers increased by threefold. Moreover, the number of ransomware-as-a-service affiliates and new leak sites also grew.
"Poor corporate cyber risk management combined with the fact that tools for conducting attacks against corporate networks are widely available both contributed to a record-breaking rise in the number of initial access brokers," said the report.
Researchers also found that the Conti ransomware group was the most aggressive in leaking exfiltrated data on leak sites this year. Moreover, the US had the most number of double extortion victims, while the manufacturing, education, financial services, health care, and commerce sectors were most hit by such attacks.