Record number of data leak sites detected in 2021

Edward G. | December 14, 2021

Falling victim to a ransomware attack is one of the worst things that can happen to a company from a cybersecurity standpoint. No other attack damages the organizations’ reputation, finances, and operational activities like ransomware. 

Getting hit by ransomware means that hackers were able to steal and encrypt sensitive data. Usually, cybercriminals demand payment for the key that will allow the company to decrypt its files. Also, fraudsters promise to either remove or not make the stolen data publicly available on the dark web.

However, the situation usually pans out a bit differently in a real-life situation. Hackers tend to take the ransom and still publish the data. This is commonly known as double extortion. 

Atlas VPN analysis builds on the recent Hi-Tech Crime Trends report by Group-IB.

Findings reveal that the second half of 2021 was a record period in terms of new data leak sites created on the dark web.

A data leak site (DLS) is exactly that - a website created solely for the purpose of selling stolen data obtained after a successful ransomware attack.

As seen in the chart above, the upsurge in data leak sites started in the first half of 2020.

Researchers only found one new data leak site in 2019 H2. However, the situation took a sharp turn in 2020 H1, as DLSs increased to a total of 12. Similarly, there were 13 new sites detected in the second half of 2020.

Like with most cybercrime statistics, 2021 is a record year in terms of how many new websites of this kind appeared on the dark web. DLSs increased to 15 in the first half of the year and to 18 in the second half, totaling 33 websites for 2021. 

Record number of companies affected

People who follow the cybercrime landscape likely already realize that 2021 was the worst year to date in terms of companies affected by data breaches. Luckily, we have concrete data to see just how bad the situation is.  

Last year, the data of 1335 companies was put up for sale on the dark web. However, this year, the number surged to 1966 organizations, representing a 47% increase YoY. 

Yet, this report only covers the first three quarters of 2021. Meaning, the actual growth YoY will be more significant.

Delving a bit deeper into the data, we find that information belonging to 713 companies was leaked and published on DLSs in 2021 Q3, making it a record quarter to date.

Finally, researchers state that 968, or nearly half (49.4%) of ransomware victims were in the United States in 2021. For comparison, the number of victimized companies in the US in 2020 stood at 740 and represented 54.9% of the total. 

Organized crime groups to blame

Some people believe that cyberattacks are carried out by a single man in a hoodie behind a computer in a dark room. However, that is not the case. 

Ransomware attacks are nearly always carried out by a group of threat actors. For example, a single cybercrime group Conti published 361 or 16.5% of all data leaks in 2021.

Other groups, like Lockbit, Avaddon, REvil, and Pysa, all hacked upwards of 100 companies and sold the stolen information on the darknet.   

Final remarks

Be it the number of companies affected or the number of new leak sites - the cybersecurity landscape is in the worst state it has ever been. 

If you are interested to learn more about ransomware trends in 2021 together with tips on how to protect yourself against them, check out our other articles on the topic:

Edward G.

Edward G.

Cybersecurity Researcher and Publisher at Atlas VPN. My mission is to scan the ever-evolving cybercrime landscape to inform the public about the latest threats.



© 2024 Atlas VPN. All rights reserved.