Bengaluru, India – September 19, 2022: In the Akamai Ransomware Threat Report APJ Deep Dive H1 2022, Akamai analyzed a recent leak of documents from Conti, one of the most prolific ransomwares as a service (RaaS) provider, to understand its inner workings and to create a snapshot of the attack trends, tools, and tactics that contributed to its success. The Conti RaaS group reportedly reaped US$180 million in 2021 from ransom payments.
The gathered data for this report was based on Conti’s publicly reported attacks on their leak site. Akamai dove deeply into the data to gain insights on the verticals that were most impacted, the revenue range distribution by attack, and countries that were most heavily affected. However, it is important to note that the data does not represent all of Conti’s attempted attacks.
APJ ranked as the third-highest region globally to be attacked by Conti ransomware. Akamai saw that APJ is less frequently attacked than other regions, which is partially due to the Conti group’s heavy slant against North American and EMEA regions.
Their analysis of the vertical distribution of attacks revealed that business services was the top victimized industry in APJ. Successful attacks on this vertical can be concerning because of the risk of supply chain cyberattacks. Cybercriminals could breach a third party, such as business services companies, to gain a foothold on high-value targets. One such example is a Taiwanese company and supplier/contractor for a high-end automobile manufacturer, and a consumer electronics company, among others that suffered a Conti attack in 2022. Despite 1,500 servers being encrypted, the attack reportedly impacted only noncritical systems. It is crucial to highlight here the security risks that third-party companies could potentially introduce to their affiliated organizations.
The APJ region also shows a significantly larger number of critical infrastructure attacks as compared with other regions. Attacks on these verticals could have catastrophic, real-world implications. Case in point: One of the largest electricity providers in Australia was hit by a Conti ransomware attack in 2021. Although the attack did not disrupt their services, it’s not hard to imagine the detrimental effects if it did.
Retail and hospitality were the second most attacked verticals in APJ. This is not surprising since the commerce industry contains troves of confidential information, such as personal identifiable information (PII) and credit card numbers, making it a lucrative target.
When organizations get hit by ransomware, they could potentially deal with downtime resulting in loss of productivity, brand and reputation damages, remediation and recovery costs, and legal fees, among other problems. It is worth noting that the ramifications of ransomware attacks can extend far beyond the financial losses of an individual company.
The report highlights that more than 40% of victimized organizations make revenue up to US$50 million. We can surmise that the Conti group is targeting small and medium-sized businesses that have the capacity to pay the ransom but do not have the same resources and cybersecurity technologies as larger enterprises. Ransomware as an attack vector is largely financially motivated. And businesses, regardless of their size, have confidential data such as customer information, trade secrets, and proprietary information, which make them viable targets.