
Gone are the days when ransomware operators were happy with encrypting files on-site and more or less discreetly charging their victims money for a decryption key. What we commonly find now is encryption with the additional threat of leaking stolen data, generally called Double-Extortion (or, as we like to call it: Cyber Extortion or Cy-X). This is a unique form of cybercrime in that we can observe and analyze some of the criminal action via ‘victim shaming’ leak sites.
Since January 2020, we have applied ourselves to identifying as many of these sites as possible to record and document the victims who feature on them. By adding our own research and by analyzing and enriching the data scraped from the various Cy-X operators and market sites, we can provide direct insights into the victimology from this specific perspective.
We must be clear that what we are analyzing is a limited perspective on the crime. Nevertheless, the data gleaned from an analysis of the leak threats proves to be extremely instructive.
We’ll refer to the listing of a compromised organization on a Cy-X leak site as a ‘leak threat’. The numbers you’ll see in most of the charts below refer to counts of such individual threats on the onion sites of the Cy-X groups we’ve been able to identify and track over the last two years.
A boom in leak threats
Despite the vagaries of the environment we’re observing, the number of unique leaks serves as a reliable proxy for the scale of this crime and its general trends over time. We observed an almost six-fold increase in leak threats from the first quarter of 2020 to the third quarter of 2021.