Among the root causes of these attacks, ransomware was by far the most prominent, accounting for a whopping 54.95% of breaches. Ryuk stood out above the rest, repeatedly appearing in breach disclosures and accounting for 8.64% of ransomware-related breaches, followed by Maze (6.17%), Conti (3.7%) and REvil/Sodinokibi (3.09%).
The criminals behind Maze ransomware began incorporating this steal-and-share tactic as additional extortion pressure in their ransomware operations. The first such incident occurred in November 2019, when the Maze crew released a portion of a victim's stolen data as a show of force and as added social pressure over the company's lack of payment.
The investigation revealed that the attackers had penetrated the network at least six days before their first attempt to launch the ransomware payload. During this time, the attackers explored the network and ran legitimate third-party tools.