Just when everybody thinks that the cases of online fraud and people being victimized of scams will be decreasing because people would have empathy towards each other amidst this global pandemic, we have been proved wrong. In the area of ransomware attacks, not only have the incidences increased even if everybody is encouraged to stay indoors, the average size of ransomware payments has been on the uptrend. The increase of ransomware payments is not only just incremental but quite significant. The average payment to ransomware attackers in the 2nd quarter of 2020 according to a report by Coveware, has increased by 60% from the first quarter of this year, which is now at US$170,000. The trend, which has leaned towards increases, may be attributed to the various new options in tactics and the rise of new software. Ransomware attacks have become tailored to the targets, which thus have made them all the more dangerous and damaging.
Moreover, according to the Coveware report, a recent development in the second quarter of 2020 is the emergence of attackers who do not demand that high a ransom. The trend for this breed of attackers would be to use free or affordable ransomware-as-a-service (RaaS) tools for hacking. These attackers would usually charge lower amounts as smaller businesses are usually being targeted. And this is what makes matters worse because as is, small businesses are already suffering because of the pandemic. When they are further victimized by ransomware attackers, that one more nail in the coffin of their impending death. The trend of attacking these small businesses should hopefully end for the sake of the economy and because they really do not need any more problems.
More data exfiltration?
According to various reports with regard to ransomware, ransomware attacks have come in the form of data exfiltration. The data exfiltration manner is different from other types of ransomware attacks in the sense that the attacker takes the data instead of just keeping it ransom. Once the attacker gets the data, the stolen data is then put up for sale on tech marketplaces and forums. In “usual” ransomware attacks, the data does not leave the server of the entity being attacked and the attacker just makes it impossible for the attacked to have access to the information unless a ransom is paid.
Traditional data exfiltration is itself a blend of data theft and extortion. A hacker compromises an organization’s defenses and exfiltrates sensitive data of measurable value—financial records, intellectual property, business data, and so on. After offering the data for sale on the black market to establish its value, the attacker then contacts the victim and demands a payment to prevent a sale.
With more cases come higher demands
While the number of cases have gone higher, so have the demands for the ransom cost. While there are more attackers that are more comfortable with using cheaper versions of RaaS software, the number of attackers who prefer only big entities as they think it is their role to keep these big entities in check have also increased.
The average ransom payment in Q2 was $178,254, a 60% leap from the $111,605 average in Q1. Average ransom payments climbed steadily since 2018, which coincided with the arrival of the first “big game hunting” ransomware variants, BitPaymer and Ryuk.
More low-end “DIY” ransomware attacks?
As mentioned above, more low-end attacks have also been occurring that target smaller businesses, where attackers use cheaper RaaS software.
The Dharma Ransomware-as-a-Service (RaaS) operation makes it easy for a wannabe cyber-criminal to get into the ransomware business by offering a toolkit that does almost everything for them. A RaaS operation is a cybercrime model where the developers are in charge of managing the ransomware development and ransom payment system. At the same time, affiliates are responsible for compromising victims and deploying the ransomware.
Prevention is better than cure
But how can businesses avoid the entire threat of ransomware attacks, though? Having strong IT infrastructure is still key.
A strong IT operations team is a weapon in security’s arsenal, along with widespread security awareness across all employees — in and out of IT. The IT team can prevent ransomware with regular patching and software updates, reduce the effect of an attack with good and frequent backups, lead the recovery to get systems up and running, and analyze logs to gain insights on the attack.
On the other hand, if your personal or work-related files go missing, you may need laptop data recovery services to help.