Coverware Report Reveals Increased Average Ransomware Payment of $41,198 for Q3 of 2019

Ransomware is still one of the biggest cybersecurity threats experienced by healthcare organizations. Attacks have gone up not to mention the ransom demands.

The latest analysis by Coveware, a company providing ransomware remediation and incident response, showed that the average ransom payment increased by 13% and stands at $41,198 in the third quarter of 2019. This value is six times the December 2018 average. Plenty of organizations have paid considerably more. The threat actors that make use of the Ryuk ransomware for their attacks ask for ransom demand in hundred thousand dollars. From the second and third quarters of 2019, Ryuk ransom payments reached $267,742 to $377,026. Attackers typically ask large enterprises to pay more than 1 million dollars t ransom payments.

Though no sector is free of ransomware attacks, certain industries often have a greater likelihood of paying ransom demands. The statistics of the most attacked sectors are:

1. professional services -18.3%
2. public sector – 13.3%
3. medical care – 12.8%
4. software solutions – 11.7%
5. merchants – 8.3%

There is also an increase in attacks on managed service providers (MSPs). These attacks frequently demand far more effort from the threat actors, but the prospective rewards are great. A good campaign against an MSP enables attackers to access systems and client data. The attackers target MSPs and big companies using the ransomware variants called Sodinokibi and Globelmposter. Some also use the ransomware variants Netwalker, Snatch and Hidden Tear.

Even if Coveware didn’t diclose specifically the number of clients that have paid ransom, CEO Bill Siegel of Coveware admits that the number hits hundreds.

Cybercriminals employ various strategies to propagate malware and launch ransomware attacks. As per Coveware’s report, there’s an apparent change in the execution of attacks, which are now much more sophisticated. When cybercriminals began attacking with ransomware, most attacks were automated and random. Today, attacks are more centered on businesses and use techniques that involve nation-state threat actors.

The clients of Covewarewere experience attacks that primarily use stolen RDP credentials (50.6%), phishing (39%) and software vulnerability exploitation (8.1%).

Surely, ransomware creators would prefer that the victims are able to recover their files, or else they would not get paid. Nevertheless, ransom payment does not assure file recovery. Coveware’s figures indicate that 98% of clients paying ransom obtained legit decryption keys, however data recovery was typically just around 94%.

The attackers employing Rapid and Dharma ransomware variants usually don’t give legit keys for decrypting files after paying the ransom. Mr. Dec ransomware’s encryption code is badly written so decryptors only permit 30% data recovery.

Paying the ransom is actually not necessary since free decryptors are available through the No More Ransom project. However the accessible decryptors don’t work when the ransomware variants used are Phobos (19.9%), and Ryuk (22.2%), Sodinokibi (21.1%) and Phobos (19.9%).

File recovery is likewise achievable when there are backups. Nonetheless, in many cases, backups aren’t updated and are corrupted, so file recovery is not possible. Backups could likewise be encrypted.