Damage caused by encryption viruses since late 2019 exceeded $1 billion.

From November 2019 to November 2020, hackers launched over 500 public attacks using encryption viruses in more than 45 countries. The total damage from their activities exceeded $1 billion, according to Group-IB specialists.

The most popular targets for extortionists were companies from the USA: they accounted for about 60% of all known attacks. The share of attacks in European countries was about 20%. The Americas (excluding the United States) and Asia accounted for about 10% and 7% respectively.

The top five most attacked industries include manufacturing – 94 victims, retail – 51 victims, government agencies – 39 victims, healthcare – 38 victims, construction – 30 victims.

The most dangerous encryptors are Maze and REvil, which have accounted for more than 50% of successful attacks since late 2019. They are followed by Ryuk, NetWalker and DoppelPaymer.

According to Group-IB experts, encryptors owe their popularity to private and public partnership programmes with attackers who specialise in compromising corporate networks.

"Operators of encrypters buy out access and attack the victim. After they pay the ransom, the partner receives a percentage of this amount," said the specialists.

Since the end of 2019, the extortionists have been copying all of the victim company's information to their servers before encryption, for further blackmail. If the victim does not pay the ransom, not only will they lose the data, but they will also see it in the public domain. In June 2020, REvil started holding auctions where stolen data was used as lots.

"The real damage from the attacks is many times higher, as the affected companies often keep the incident quiet by paying extortionists, or the attack is not accompanied by the publication of data from the victim's network," Group-IB added.

Recall that in the first half of 2020, encryptors disappeared from the top threats – they accounted for only 1% of all hacker attacks. However, in the third quarter they accounted for about 51% of all malware attacks.