Ride the Lightning

Average Ransomware is Now $6700

February 28, 2019

Bitdefender had a post on February 22 which noted that many organizations cave into attackers’ demands, paying ransomware operators whatever they ask for in exchange for the decryption keys to their locked data

According to new research by Coveware, players in the healthcare industry, professional services, and the financial sector tend to under-invest in IT security and have weak or no backup policies. At the same time, they have almost zero tolerance for data loss so they end up paying ransomware operators following a breach.

The Coveware report states that in the fourth quarter of 2018, the average ransom increased by 13% from the previous quarter ($5,973), reaching $6,733. Researchers suspect the increase reflects the more targeted nature of recent ransomware attacks. From the report:

“In Q4, ransomware distributors focused on larger targets and via bespoke RDP & social engineering attack vectors. Higher priced ransomware strains like SamSam and Ryuk also increased in frequency during Q4, despite the ubiquity of Dharma, GandCrab and Globelmposter.”

Ransomware incidents last an average of 6.2 days, while the average cost related to downtime is around $55,000, according to the research. Notably, average downtime increased by 47% over Q3, a direct consequence of attacks where backup systems were wiped or encrypted. And 75% of organizations that paid a ransom had their backups compromised.

In the bad actors’ camp, the most preferred ransom currency remains Bitcoin, demanded by 95% of attackers, but privacy-focused coins like Dash are picking up steam in recent attacks. The top attack vector remains Remote Desktop Protocol (RDP), followed by phishing and various forms of social engineering.

“Remote Desktop Protocol (RDP) based breaches were AGAIN the most prevalent ransomware attack vector in Q4. Accordingly, ransomware distributors are spending increased time inside of breached networks. Admin credentials are harvested so backups can be wiped or encrypted, ensuring the attack has maximum impact. We expect this attack vector to remain popular until the number of vulnerable targets shrinks,” researchers said.

On the plus side, 70% of organizations that paid to get their data back following a ransomware attack intend to increase their security spending to prevent future incidents. This finding is reflected in several other studies, including a recent survey by eSecurity Planet that paints “fear of data breaches” as the key driver behind increased cybersecurity budgets in 2019.

Fear is an excellent motivator, that much is certain. Protect your systems well, have a good backup strategy and you are very likely to survive a ransomware attack without paying a ransom!

E-mail:    Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology
https://www.senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson