Last year saw a notable jump in ransomware attacks that included exfiltration of data as a component, highlighting an ongoing shift in the way the attacks are monetized, according to Verizon's major annual breach report.
As in past years, the Verizon 2022 Data Breach Investigations Report aims to take a more comprehensive look at the cyberattack landscape by incorporating findings from a range of organizations, both public and private. The 87 contributors to this year's report include the FBI, CISA, CrowdStrike, Palo Alto Networks, Proofpoint, Dell and many other companies, in addition to a number of teams within Verizon. The study, now in its 15th year, analyzed 5,212 confirmed breaches and 23,896 security incidents overall for 2021.
Ransomware attacks that included data exposure grew 13% in 2021 compared to the previous year, the Verizon report shows. For a study with such a large sample size, that is a significant increase that points to a shift in how attackers are operating, said Chris Novak, managing director of the Verizon Threat Research Advisory Center.
By comparison, ransomware attacks in which data was exposed had climbed just 6% in 2020, year-over-year, which itself was deemed a large increase at the time.
Ransomware rarely involved data theft in its early days, but "now the majority of ransomware events include an element of the threat actor taking and exfiltrating the underlying data," Novak told Protocol.
In part, that's a response to the fact that many companies can now restore data from backup in the event of a ransomware attack, leading the victims to be less likely to pay a ransom demand, he said. When the theft of sensitive data is involved, the likelihood of paying a ransom goes up significantly, Novak said.
While an NSA cybersecurity official recently suggested that sanctions against Russia have contributed to a decrease in ransomware attacks in 2022, Novak said it's hard to say whether this will be indicative of a longer-term trend when it comes to ransomware. Due to the financial windfalls associated with ransomware, "I'm not a believer that it's going to be staying down, or going away," he said.