• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

My TechDecisions

  • Best of Tech Decisions
  • Topics
    • Video
    • Audio
    • Mobility
    • Unified Communications
    • IT Infrastructure
    • Network Security
    • Physical Security
    • Facility
    • Compliance
  • RFP Resources
  • Resources
  • Podcasts
  • Project of the Week
  • About Us
    SEARCH
IT Infrastructure, Network Security, News

Ransomware Attacks Increase Threefold; IT Must Adapt

According to NCC Group, ransomware attacks have increased threefold this year as bad actors become more sophisticated and organized.

September 8, 2021 Zachary Comeau Leave a Comment

Royal Ransomware
stock.adobe.com

When the U.S. government began pressuring Russia to do more to stop ransomware groups originating from that country from attacking U.S.-based organizations, IT and cybersecurity professionals were hopeful that those actions would pay off.

Shortly after a meeting between the two country’s leaders, infamous ransomware group rEvil went dark, which some thought was a sign that political pressure and law enforcement activities were finally working.

However, the rEvil group has recently resurfaced, and there are no clear signs that ransomware actors are slowing down, says Christo Butcher, global lead for threat intelligence at cybersecurity and risk mitigation firm NCC Group.

Ransomware attacks analyzed by the consulting firm are continuing to increase as cybercrime takes on a model similar to most successful tech companies and ransomware actors ramp up the pressure on their victims.

Ransomware increases threefold in 2021

According to a recent NCC group report, the number of ransomware attacks analyzed by the team has increased by 288% between January-March 2021 and April-June 2021, which was even before the devastating rEvil attack that leveraged the Kaseya VSA product and a network of managed service providers.

Perhaps the biggest reason for the proliferation of ransomware is because the ransomware economy has matured to the point where these organizations are run as well as any other corporation. Organizations sell access to organizations’ networks, and ransomware developers sell their services to third party affiliates in what is known as the ransomware-as-a-service (RaaS) model.

“What we see causing this is that ransomware is just so successful,” Butcher said. “It’s great business.”

New actors are constantly joining the ransomware market, which is forcing the more mature groups to scale up their operations and remain competitive – much like any other vertical market.

“The bigger, more mature, more successful ransomware gangs really invest in that scale,” Butcher says. “You can compare it with traditional IT going into the cloud and letting things scale. Not only ransomware gangs, but also the whole ecosystem around that gearing up to scale well, and that brings in more money and makes it even more lucrative.”

According to NCC Group’s findings, most of these attacks are targeting organizations based in the U.S., followed by European-based entities.

New ransomware groups have emerged as leaders in the space, including Conti and Avaddon, which are linked to 39% of ransomware leaks analyzed between April and June.

Listen: My TechDecisions Podcast Episode 138: The Growing Threat of Ransomware

Extortion threats are now standard

Ransomware gangs aren’t just holding data hostage in expectations of a big pay day. With organizations now investing in stronger backups and other technologies, ransomware gangs are threatening to release sensitive data unless the six-figure ransom is paid.

That trend continues to escalate, with double extortion becoming the standard practice, Butcher says.

In some cases, the typical encryption of files isn’t even concluded before the bad actor threatens to release the sensitive data, Butcher says.

That method has also given rise to triple extortion schemes in which ransomware operators threaten to tell stakeholders, stockholders, customers and the general public that the organization has been hacked with the goal of negatively influencing the victim’s value and public perception.

According to Butcher, ransomware actors are also threatening to conduct DDoS attacks to make the compromise more publicly visible. These are all indications that ransomware operators are taking the time to innovate and are no longer looking to make a quick dollar.

“From the criminal mindset, it’s very simple: they will just take whatever means they have to put you under pressure,” Butcher says.

Read Next: IT Should Be Extra Vigilant Around Holiday Weekends

Organizations must design IT with security in mind

If IT admins aren’t already implementing multi-factor authentication, air-gapped backups or phishing protections, they should look at their security posture and make some changes quickly. Those IT security practices should now be standard in most organizations, Butcher says.

“Getting all of that right is very important and is where a lot of mistakes are made,” Butcher says.

But now, organizations have to think about designing their IT systems with security in mind, including implementing a Zero Trust architecture to make it harder for an attacker to access the network, but also make it harder for an attacker to move laterally within an organization’s IT environment.

A successful Zero Trust implementation can limit what an attacker is able to do and keep the intruder’s actions isolated on one system, which was exemplified in a recent NCC Group investigation into a client.

However, the same threat actor attacked a different organization that didn’t have good network segmentation, and their entire network was compromised quickly.

Butcher also called on organizations to invest more in threat detection so they can respond immediately once an intruder gains network access. However, cybercriminals are getting better at studying white hat tools and finding ways to get around them, so IT administrators need to implement systems and practices that are better than the attackers’.

Other measures to help protect against ransomware attacks include:

  • Developing a response plan. When an alarm bell does go off, IT departments need to follow a plan that can help them limit the threat actor, kick them out and repair any holes in their IT infrastructure.
  • Vulnerability scanning and patching. Aside from phishing attacks, vulnerabilities in IT products are one of the most common intrusion vectors for ransomware actors. Keeping systems patched and up to date is one of the most important things to do to keep your organization secure.
  • Understanding who is targeting your organization. Developing a profile of threat actors that may target your organization can help you implement the right security tools and protocols specific to how those actors operate. This can help you distinguish normal activity from suspicious activity.

If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!

Tagged With: Cybersecurity, NCC Group, ransomware

Related Content:

  • Cloud, SASE, Aryaka How the Cloud is Redefining Media Production and…
  • Singlewire Software mass notification interview Singlewire Software on Mass Notification Solutions
  • URI catchbox 1 Catchbox Plus: The Mic Solution That Finally Gave…
  • Engaging virtual meeting with diverse participants discussing creative ideas in a bright office space during daylight hours Diversified Survey: Workplace AV Tech is Falling Short,…

Free downloadable guide you may like:

  • Practical Design Guide for Office SpacesPractical Design Guide for Office Spaces

    Recent Gartner research shows that workers prefer to return to the office for in-person meetings for relevant milestones, as well as for face-to-face time with co-workers. When designing the office spaces — and meeting spaces in particular — enabling that connection between co-workers is crucial. But introducing the right collaboration technology in meeting spaces can […]

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Latest Downloads

Practical Design Guide for Office Spaces
Practical Design Guide for Office Spaces

Recent Gartner research shows that workers prefer to return to the office for in-person meetings for relevant milestones, as well as for face-to-fa...

New Camera Can Transform Your Live Production Workflow
New Camera System Can Transform Your Live Production Workflow

Sony's HXC-FZ90 studio camera system combines flexibility and exceptional image quality with entry-level pricing.

Creating Great User Experience and Ultimate Flexibility with Clickshare

Working and collaborating in any office environment today should be meaningful, as workers today go to office for very specific reasons. When desig...

View All Downloads

Would you like your latest project featured on TechDecisions as Project of the Week?

Apply Today!

More from Our Sister Publications

Get the latest news about AV integrators and Security installers from our sister publications:

Commercial IntegratorSecurity Sales

AV-iQ

Footer

TechDecisions

  • Home
  • Welcome to TechDecisions
  • Contact Us
  • Comment Guidelines
  • RSS Feeds
  • Twitter
  • Facebook
  • Linkedin

Free Technology Guides

FREE Downloadable resources from TechDecisions provide timely insight into the issues that IT, A/V, and Security end-users, managers, and decision makers are facing in commercial, corporate, education, institutional, and other vertical markets

View all Guides
TD Project of the Week

Get your latest project featured on TechDecisions Project of the Week. Submit your work once and it will be eligible for all upcoming weeks.

Enter Today!
Emerald Logo
ABOUTCAREERSAUTHORIZED SERVICE PROVIDERSYour Privacy ChoicesTERMS OF USEPRIVACY POLICY

© 2025 Emerald X, LLC. All rights reserved.