Ransomware-related data breaches are on the rise, Verizon research finds

The past year has seen a notable increase in ransomware attacks that included data exfiltration as a component, underscoring an ongoing shift in how attacks are monetized, according to Verizon’s major annual breach report.

As in past years, the 2022 Verizon Data Breach Investigation Report aims to take a more comprehensive look at the cyberattack landscape by incorporating findings from a range of organizations, both public and private. The 87 contributors to this year’s report include the FBI, CISA, CrowdStrike, Palo Alto Networks, Proofpoint, Dell and numerous other companies, in addition to a number of teams within Verizon. The study, now in its 15th year, analyzed 5,212 confirmed breaches and 23,896 total security incidents for 2021.

Ransomware attacks that included data exposure increased 13% in 2021 over the previous year, according to the Verizon report. For a study with such a large sample, this is a significant increase that indicates a change in the way attackers operate, said Chris Novak, general manager of the Verizon Threat Research Advisory Center.

By comparison, ransomware attacks in which data was exposed had only increased by 6% in 2020, year over year, which was itself considered a large increase at the time.

Ransomware rarely involved data theft in its early days, but “now the majority of ransomware events include some element of the threat actor taking and exfiltrating the underlying data,” Novak told Protocol.

This is partly a response to the fact that many companies can now restore data from backup in the event of a ransomware attack, making victims less likely to pay a ransom note, he said. he declares. When sensitive data theft is involved, the likelihood of paying a ransom increases dramatically, Novak said.

While an NSA cybersecurity official recently suggested that Russia sanctions contributed to a decrease in ransomware attacks in 2022, Novak said it’s hard to say whether this would indicate a longer trend. term when it comes to ransomware. Due to the financial windfall associated with ransomware, “I don’t believe it’s going to stay or go away,” he said.

Denise W. Whigham