Ride the Lightning

Ransomware Gangs Shift From “Big Game Hunting” to “Mid-game Hunting”

October 26, 2021

On October 21, Bank Info Security published a post highlighting the Q3 report from Coveware, a ransomware incident response firm. There was one piece of good news. The average ransomware payment remained at $140,000. At least it’s not going up.

Sadly, there was a cautionary admonition for law firms. Coveware says small and midsize professional services firms, especially law firms and financial services firms, appear most at risk from ransomware attacks because of their lack of cybersecurity preparedness, apparently because they think they’re too small to be targeted.

Time to change that thinking. Governments and law enforcement have successfully taken down or negatively impacted ransomware gangs since the Colonial Pipeline attack.

Coveware says, “We have seen statistical evidence and intelligence showing that ransomware actors are trying to avoid larger targets that may evoke a national political or law enforcement response. This shift from ‘big game hunting’ to ‘mid game hunting’ is personified in both the ransom amount statistics but also the victim size demographics from the quarter.”

In other words, ransomware gangs may avoid attacking the AmLaw 100 and the Big Four of accounting, but not the mid-sized and smaller firms which hold valuable data and can still make large ransomware payments.  

Hat tip to Dave Ries.

Sharon D. Nelson, Esq., President, Sensei Enterprises, Inc.
3975 University Drive, Suite 225, Fairfax, VA 22030
Email: Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson