Cyber criminals engaging in ransomware attacks are focusing more on specific companies and industries this year according to cybersecurity firm Kaspersky.

“Over the past couple years, widespread ransomware attacks — where criminals use malware to encrypt your data and hold it for ransom — have been replaced by more targeted attacks against specific companies and industries,” said Kaspersky.

The cybersecurity firm observed the trend in a recent analysis of two significant ransomware groups Ragnar Locker and Egregor. Attackers not only threaten to encrypt data but also publish the stolen data online in such attacks.

First discovered in 2019, Ragnar Locker became more prominent in the first half of 2020 when it was observed attacking large organisations.

The attacks are highly targeted and specifically tailored to the intended victim. The organisations whose data is stolen and refuse to pay have their data published on the “Wall of Shame” section of the group’s leaks site. If the victim chats with the attackers and then refuses to pay, this chat is also published, said Kaspersky. Ragnar Lockr primarily targeted companies in the United States across different industries.

Egregor was first discovered in September 2020. It also shares some similar tactics and code with the notorious ransomware group Maze. “The malware is typically dropped by breaching the network, once the target’s data has been exfiltrated, gives the victim 72 hours to pay the ransom before the stolen information goes public,” explained Kaspersky.

The confidential data of the company is published on the leaks site if the victims refuse to pay.

Egregor has been seen targeting companies across North America, Europe, and parts of the APAC region.


“What we’re seeing right now is the rise of ransomware 2.0. By that I mean, attacks are becoming highly targeted and the focus isn’t just on encryption; instead, the extortion process is based around publishing confidential data online,” said Dmitry Bestuzhev, head of the Latin American Global Research and Analysis Team (GReAT).

“Doing so puts not just companies’ reputations at risk, but also opens them up to lawsuits if the published data violates regulations like HIPAA or GDPR. There’s more at stake than just financial losses,” Bestuzhev said.

“This means organisations need to think about the ransomware threat as more than just a type of malware,” Fedor Sinitsyn, a security expert at Kaspersky said.

“In fact, often times, the ransomware is only the final stage of a network breach. By the time the ransomware is actually deployed, the attacker has already carried out a network reconnaissance, identified the confidential data and exfiltrated it. It’s important that organisations implement the whole range of cybersecurity best practices. Identifying the attack at an early stage, before attackers reach their final goal, can save a lot of money,” added Sinitsyn.