Ransomware Dharma, Crylock and Thanos were used most often for cyberattacks in Russia in 2021; in total, they account for more than 300 attacks. This is stated in a message from Group-IB, received by RBC.
These programs, which Group-IB calls the most “aggressive” ransomware of the past year, operate on the Ransomware-as-a-Service model. At the same time, the Russian-language RTM program, which previously specialized in theft from remote banking systems, has also added ransomware to its arsenal, Group-IB points out.
According to the company’s analysts, the ransom amounts that cybercriminals demand from their victims in Russia largely depend on the size of the business. The average amount of the repurchase paid is RUB 3 million, the maximum is RUB 40 million. “But the record for the maximum amount of the requested ransom in 2021 was set by the OldGremlin group – they expected to receive 250 million rubles from the victim,” the company said in a statement.
In general, the number of ransomware attacks on organizations in Russia increased by more than 200% in 2021, added to Group-IB.