Ransomware attacks increased 20% in 2020 compared to the previous year, with “double-extortion” tactics used in 59% of cases, according to a report by IBM Security

The 2021 X-Force Threat Intelligence Index also showed how criminals pivoted their attacks to businesses and organisations on which global Covid-19 response efforts relied, including hospitals, medical and pharmaceutical manufacturers, and energy companies.

“In 2020 the world experienced more ransomware attacks compared to 2019, with nearly 60% of ransomware attacks that X-Force responded to using a double extortion strategy whereby attackers encrypted, stole and then threatened to leak data, if the ransom wasn’t paid”, says IBM Security

“In fact, in 2020, 36% of the data breaches that X-Force tracked came from ransomware attacks that also involved alleged data theft, suggesting that data breaches and ransomware attacks are beginning to collide”, it added. The report shows the proportion of attacks involving data theft increased from 5% to 13% year-on-year.

The report, which is based on analysis of “150 billion security events per day”, also said that the most commonly observed ransomware group in 2020 was Sodinokibi. This group is estimated to have made $123million, with two thirds of its victims paying a ransom.

IBM found that the most successful ransomware groups in 2020 were focused on stealing and leaking data, as well as creating ransomware-as-a-service cartels and outsourcing key aspects of their operations to cybercriminals that specialize in different aspects of an attack.

According to the new report, cyberattacks on healthcare, manufacturing, and energy doubled from the year prior, with threat actors targeting organizations that could not afford downtime due to risks of disrupting medical efforts or critical supply chains.

Other trends from the report:

Investment in open-source malware threatens cloud environments

Linux is currently powering an estimated 90% of cloud workloads and the X-Force report detailed a 500% increase in Linux-related malware families in the past decade. This means “cloud environments can become a prime attack vector for threat actors” according to IBM.

Vulnerabilities surpass phishing as most common infection vector – The 2021 report reveals that the most successful way victim environments were accessed last year was scanning and exploiting for vulnerabilities (35%), surpassing phishing (31%) for the first time in years.

Europe felt the brunt of 2020 attacks – Accounting for 31% of attacks Europe experienced more activity than any other region, with ransomware rising as the top culprit. In addition, Europe saw more insider threat attacks than any other region, seeing twice as many such attacks as North America and Asia combined.


Register for free to receive the latest privacy, security and data protection news and analysis straight to your inbox