Report an incident

Get 24/7 incident response assistance from our global team

Talk to sales

Just fill out the form, and our representative will contact you soon.

Join the Cybercrime Fighters Club

Please review the following rules before submitting your application:

1. Our main objective is to foster a community of like-minded individuals dedicated to combatting cybercrime and who have never engaged in Blackhat activities.

2. All applications must include research or a research draft. You can find content criteria in the blog. Please provide a link to your research or research draft using the form below.

Ransomware Uncovered 2020/2021
← Research Hub

Ransomware Uncovered 2020/2021

The complete guide to the latest tactics, techniques, and procedures of ransomware operators based on MITRE ATT&CK®
Download report

Background

The year 2020 was a difficult one for most people around the world, but the same cannot be said for ransomware groups. While industries and businesses struggled to adapt to a post-pandemic reality, threat actors thrived, attacking bigger targets and demanding more money.

Ransomware-as-a-Service programs began to appear more frequently on underground forums, data exfiltration became an increasingly popular tactic among ransomware operators, and enterprise ransomware operations expanded to include new (and potentially game-changing) participants.

To stand a chance against threat actors in 2021, it is vital to not only understand their latest tactics, techniques, and procedures but also what actions to take to protect against them. Ransomware Uncovered 2020/2021 will give readers an intimate look at each step threat actors take, from initial access to exfiltration.

Extortionists lead the packExtortionists lead the pack

35% of attacks in 2020 were conducted by Maze and its successor Egregor.

Millions, not thousandsMillions, not thousands

It has become normal to see ransom demands in the millions of dollars.

Big Game Hunting boomBig Game Hunting boom

State-sponsored threat actors and commodity malware are more actively becoming associated with ransomware operations.

In this report

MITRE ATT&CK®

Explore the newest heat map of ransomware operators’ TTPs

The future threat landscape

Read predictions on how threat actors will act in the coming year

Recommendations

Get tailored lists of mitigations for each tactic and technique
Ransomware operators are less concerned about the industry and more focused on scope and scale… This means that companies such as Garmin, Canon, Campari, Capcom, and Foxconn (which were successfully attacked in 2020) are now at constant risk of being targeted.
Oleg Skulkin
Oleg Skulkin
Head of Digital Forensics and Malware Analysis Laboratory

Stop Ransomware with Group-IB

Threat Intelligence
Threat Intelligence
Managed XDR
Managed XDR
Digital Risk Protection
Digital Risk Protection

Relevant reports

We see the full picture of the evolving cyber threat landscape thanks to unique tools for monitoring the infrastructure used by cybercriminals and data from battlefields:

Ransomware Uncovered 2021/2022
Threat Research
Ransomware Uncovered 2021/2022
The well-known complete guide to the latest tactics, techniques, and procedures of ransomware operators...
Learn moreDownload report
RedCurl: The Awakening
Threat Research
RedCurl: The Awakening
Commercial cyber espionage remains a rare and largely unique phenomenon. We cannot rule out,...
Learn moreDownload report
OldGremlin Ransomware: Never Ever Feed Them after The Locknight
Threat Research
OldGremlin Ransomware: Never Ever Feed Them after The Locknight
The case of OldGremlin illustrates how the ransomware industry has evolved in recent years....
Learn moreDownload report