CrowdStrike Threat Report Shows 82% Increase in Ransomware Data Leaks

February 18, 2022 | News

This week, CrowdStrike published their 8th annual Global Threat Report showing a massive increase in ransomware-related data leaks. There were nearly 2,700 attacks in 2021, compared to fewer than 1,500 in 2020 – an 82% increase in just one year.

That’s an eye-popping stat, albeit not a surprising one for those in the cybersecurity industry who’ve had to deal first-hand with the trend over the last few years. This “business” (hackers are operating more and more like legitimate firms, even offering customer support) is generating outsized profits, so of course it’s growing. Furthermore, like it or not, affected companies are ponying up.

More surprising from the report is another stat: the majority of attacks, 62%, are malware-free. That means threat actors initially aren’t “breaking in” to gain access. They’re letting themselves in disguised as normal users, taking advantage of OS vulnerabilities or compromised credentials, then moving laterally undetected to wreak havoc.  

As George Kurtz, CrowdStrike CEO, points out in his recent CNBC interview, it’s why eliminating trust in environments is so crucial nowadays. Whether it’s a laptop, cloud workload, or server, each should be an “armored system” that doesn’t implicitly trust interactions with the others. Furthermore, enterprises need advanced monitoring and detection that moves beyond malware, with the capability of identifying attackers “living off the land.” 

I recommend watching the interview below for a high-level discussion of the research and downloading the full report for an in-depth read. 

Highlights from the interview:

  • “Unfortunately, cybersecurity and the state of it continues to get worse each year from an attack perspective. Our report shows an 82% increase in ransomware-related data theft and extortion. When companies get hit by ransomware, not only do they have to pay for the recovery of that data, but they’re being extorted if they don’t pay by the adversaries who are leaking the data on the internet. It’s almost like a hostage crisis, where hostages are being harmed until someone pays.”
  • The line between state and non-state actors is getting blurred. Ransomware is a great way to get money in and out of the country for countries under embargo. When you look at an organization like Russia, a lot of the state-sponsored actors are able to moonlight in off hours.
  • 3 key adversary groups, with activity on the rise from each:
      • Nation-state
      • eCrime
      • Hacktivism
  • We’ve seen a lot of the nation-state techniques and weaponry move downstream into the eCrime world. eCrime groups have been very effective at weaponizing nation-state techniques for ransomware.
  • “When we talk about intrusions, a lot of people think it’s just malware related – I get a bad link and click on it and it infects me. That’s part of it. But 62% don’t actually use malware. They’re taking advantage of vulnerabilities in operating systems, email systems, credential theft, and they’re able to get into a system and blend in as a normal user. This is why Zero Trust is so important.”
