Freely subscribe to our NEWSLETTER

Getting hit by ransomware means that hackers were able to steal and encrypt sensitive data. Usually, cybercriminals demand payment for the key that will allow the company to decrypt its files. Also, fraudsters promise to either remove or not make the stolen data publicly available on the dark web.

However, the situation usually pans out a bit differently in a real-life situation. Hackers tend to take the ransom and still publish the data. This is commonly known as double extortion.

Atlas VPN analysis builds on the recent Hi-Tech Crime Trends report by Group-IB.

Findings reveal that the second half of 2021 was a record period in terms of new data leak sites created on the dark web.

Researchers only found one new data leak site in 2019 H2. However, the situation took a sharp turn in 2020 H1, as DLSs increased to a total of 12. Similarly, there were 13 new sites detected in the second half of 2020.

2021 is a record year in terms of how many new websites of this kind appeared on the dark web. DLSs increased to 15 in the first half of the year and to 18 in the second half, totaling 33 websites for 2021, a 32% growth YoY.

Record number of companies affected

Last year, the data of 1335 companies was put up for sale on the dark web. However, this year, the number surged to 1966 organizations, representing a 47% increase YoY.

Yet, this report only covers the first three quarters of 2021. Meaning, the actual growth YoY will be more significant.

Organized crime groups to blame

Some people believe that cyberattacks are carried out by a single man in a hoodie behind a computer in a dark room. However, that is not the case.

Ransomware attacks are nearly always carried out by a group of threat actors. For example, a single cybercrime group Conti published 361 or 16.5% of all data leaks in 2021.