The extortion attacks pose a threat to any company around the world. According to data provided by the Atlas VPN team, since the beginning of this year, hackers have stolen more than 30 Tbytes of personal data and other critical information from various companies in more than 300 attacks, taking into account statistics from only a number of key regions.
The data are based on a report by the European Cybersecurity Agency – Threat Landscape for Ransomware Attacks, dated July 2022 – an analysis of 623 incidents involving extortion hackers in the EU, the UK, and the United States from May 2021 to June 2022, but only 2022 was compiled in Atlas VPN, and it is alleged that the data were obtained from government sources, cyber-security companies and even "verified sources" from Ducknet.
In January, hackers stole 5 Tbytes of data, in February, another 7 Tbytes, including NVIDIA. The intruders claimed that they had stolen 1 Tbyte of various data and demanded a ransom of $1 million, which was for the Lapsus group. In March, 16 Tbytes of personal data were stolen, including the DENSO corporate network that produced auto parts for companies like Toyota and Mercedes-Benz. As a result, the Pandora hacking group posted 1.4 Tbytes of various files. In April, hackers abducted 3 more Tbytes, and in May, the total amount of stolen data reached 34 Tbytes and remained at the same level until the end of June.
Although many hackers seem to have gone to "knicks", some extortion activity persists. 320 extortion incidents affected businesses in the first half of 2022. The number of incidents is very different from month to month, and the number has also fallen dramatically with the onset of summer. For example, in June, only four significant incidents of extortion were recorded in these regions.
In fact, the number of incidents may be much higher, as many companies prefer not to report incidents for fear of reputational damage and sometimes even prefer to pay the required ransom.
The extortion software is becoming increasingly efficient and dangerous. Atlas VPN believes that companies should be prepared to have their most confidential information potentially stolen and posted online. Experts recommend increasing the resilience of systems to break-in and always report incidents to law enforcement agencies.