Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?



Ransomware-Related Data Leaks Nearly Doubled in 2021: Report

There was a significant increase in ransomware-related data leaks and interactive intrusions in 2021, according to the 2022 Global Threat Report released on Tuesday by endpoint security firm CrowdStrike.

There was a significant increase in ransomware-related data leaks and interactive intrusions in 2021, according to the 2022 Global Threat Report released on Tuesday by endpoint security firm CrowdStrike.

The number of ransomware attacks that led to data leaks increased from 1,474 in 2020 to 2,686 in 2021, which represents an 82% increase. The sectors most impacted by data leaks in 2021 were industrial and engineering, manufacturing, and technology.

Sectors targeted by ransomware

“The growth and impact of [big game hunting] in 2021 was a palpable force felt across all sectors and in nearly every region of the world. Although some adversaries and ransomware ceased operations in 2021, the overall number of operating ransomware families increased,” CrowdStrike said in its report.

[ READ: Swissport Investigating Ransomware Group’s Data Leak Claims ]

As for interactive intrusions, which involve hands-on-keyboard activity, CrowdStrike saw a 45% increase in 2021, with 62% of attacks involving no malware, only hands-on activity. Nearly half of interactive intrusions were conducted by profit-driven cybercriminals — the cybersecurity firm calls it eCrime activity.

In these eCrime attacks, the average breakout time — the time it took the attacker to move laterally from the initially compromised system to another host within the victim’s network — was 1 hour and 38 minutes.

CrowdStrike added 21 new named adversaries to its database last year and the company now tracks a total of more than 170 threat groups.

Advertisement. Scroll to continue reading.

The company’s report highlights disruptive operations linked to Iran, with threat actors and activity clusters using “lock-and-leak” tactics to target organizations in the United States, Israel and the MENA region.

“Lock-and-leak operations are characterized by criminal or hacktivist fronts using ransomware to encrypt target networks and subsequently leak victim information via actor-controlled personas or entities,” CrowdStrike explained. “Since they inauthentically operate as a criminal or hacktivist entity, these types of operations conduct activity beneath a veneer of deniability. Through the use of dedicated leak sites, social media and chat platforms, these actors are able to amplify data leaks and conduct [information operations] against target countries.”

The report also highlights China-linked activity, with China being named the “leader in vulnerability exploitation.” The number of new security flaws exploited by Chinese threat actors in 2021 was 12, six times higher than in 2020.

While it’s not uncommon for Chinese threat actors to develop exploits for their targeted intrusions, they have typically leveraged exploits requiring user interaction, such as opening malicious documents or accessing websites hosting malicious code. However, in 2021, they appeared to shift focus to security holes affecting internet-facing devices or services.

The complete 2022 Global Threat Report (PDF) is available on CrowdStrike’s website.

Related: Russian State-Sponsored Hackers Are Fastest: CrowdStrike

Related: Telecom Sector Increasingly Targeted by Chinese Hackers: CrowdStrike

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.