Researchers have noticed an increase in vulnerabilities used in infiltrating organizations. According to cybersecurity firm Group-IB, the threat actors target remote desktop (RDP) servers that are exposed on the web for initial access into a network.<\/p>\n
Group-IB explained that in 2021, ransomware gangs began to focus on several vulnerabilities in public-facing applications, and quickly moved to add exploits for newly uncovered security issues.<\/p>\n
Vulnerabilities commonly used by ransomware attackers include CVE-2021-20016 (SonicWall SMA100 SSL VPN), CVE-2021-26084 (Atlassian Confluence), CVE-2021-26855 (Microsoft Exchange), CVE-2021-27101 (Accellion FTA), CVE-2021-27102 (Accellion FTA), CVE-2021-27103 (Accellion FTA), and CVE-2021-27104 (Accellion FTA).<\/p>\n
Others include CVE-2021-30116 (Kaseya VSA), CVE-2021-34473 (Microsoft Exchange), CVE-2021-34523 (Microsoft Exchange), CVE-2021-31207 (Microsoft Exchange), and CVE-2021-35211 (SolarWinds).<\/p>\n
A joint report by Cyber Security Works, Securin, Cyware and Ivanti showed that the number of bugs related to ransomware attacks rose to 310 in the first quarter of 2022.<\/p>\n
Group-IB cites the leaks of the threat actors and claims that ransomware gangs have released information from 3,500 victims, most of whom are based in the U.S. (1,655).<\/p>\n
Ransomware gangs with the most aggressive operations in 2021 were LockBit (670) and Conti (640), while Pysa came third with data from 186 victims published on their leak sites.<\/p>\n