Ransomware has been around for quite some time now. Its exploits in the last three years have made it one of the leading cyber threats for the corporate world. The cybersecurity community works tirelessly to spread awareness of cryptovirological attacks. Many organizations have also adopted security measures centered on thwarting ransomware activity.
Amidst all this, the cybersecurity firm Coveware has found that ransom extortion payments rose 13% in the last quarter of 2018 over the preceding quarter. This shows that many affected organizations, despite knowing all about cryptovirological attacks, resorted to paying the attackers for ransomware removal. Researchers at Coveware agree that the entities that cave in to attackers' demands are the ones that invest the least in their IT infrastructure. Experts have inferred two possible causes behind the increased average ransom payment.
1) Increased Customized Attacks
It is important to understand that many cryptovirological operators now prefer to tailor their attacks. Instead of launching mass email campaigns, they focus on targeting victims through RDP and specially crafted social-engineering maneuvers. The report notes that the majority of successful ransomware attacks in Q4-2018 were launched through compromised RDP.
2) Prevalence of High-Priced Ransomware Attacks
Not all cryptovirological attacks entail equal extortion payments for ransomware removal. The researchers have noted that amid mounting GandCrab, Dharma and GlobeImposter exploits, the SamSam and Ryuk ransomware strains made a comeback in Q4-2018. Operators of these strains usually make high extortion demands, which could also be the reason behind the rise in the average ransomware payment.
Average Downtime Also Increased in Q4
Besides the average ransomware payment, which went to $6,733 from $5,973, the downtime incurred by ransomware attacks also increased by 47% in Q4 as compared to Q3. On average, a ransomware attack lasted for 6.2 days during Q4. The increased downtime resulted in an average business loss of $55,000.
The extended downtime indicates that affected organizations found ransomware removal and recovery more difficult in the attacks that happened in the last 3 months of 2018 than in the rest of the year. This also shows that cryptovirological operators are constantly improving their encryption skills. It is also interesting to note that three-fourths of all the affected organizations that paid the attackers also had their backups compromised, indicating poor CDM practices.
Bitcoin Is Still the Preferred Mode of Payment
Despite its plummeting value in the last couple of months, more than 90% of attackers used Bitcoin as the currency for ransom payments in Q4-2018. However, Dash, a cryptocurrency with more anonymous transactions, is also gaining traction as a mode of ransomware payment.