Growing number of companies that refuse to pay for data recovery has resulted in the fact that the average ransom amount in the ransomware attacks have decreased by almost a third in the past few months, according to a new report from Coveware.
According to the study, in the fourth quarter of 2020, the average ransom amount decreased by 34% – from $233 817 to $154 108. Experts attribute this to the fact that more and more organizations refuse to follow the demands of ransomware operators and pay (usually in cryptocurrency) for the decryption key …Nevertheless, ransomware groups adapted relatively quickly to the new conditions and switched to other tactics, for example, the double extortion strategy, which involves threats to disclose stolen data if the company does not pay. According to Coveware, in the last three months of the last year, the number of such attacks was 70%.
Experts also noted that in the period from July to September 2020, 74.8% of organizations encountered with the ransomware attacks paid the required ransom, but in October-December the number of such companies dropped to 59.6%.
Information security companies and law enforcement agencies have repeatedly warned that successful ransomware attacks only motivate cybercriminals to continue their activity; moreover, there is no guarantee that even after paying the ransom, the company will be able to recover the stolen data.
Most often, cybercriminals compromise organizations’ networks through phishing emails or RDP connections, with which they gain access to using stolen credentials.
It should be noted that some companies are careless about their own cybersecurity, opening a loophole for criminals, sometimes more than once. In particular, the British National Cybersecurity Centre (NCSC) gave an example when a certain company twice in two weeks fell victim to the same extortionist group just because it did not bother to find out how the criminals managed to get into the network.
For most companies, the priority is the task of data recovery and the resumption of business operations, but the real problem is that ransomware can be an indicator of a more serious intrusion into the corporate network, which can last for days or even longer, the department warned.
Let me also remind you that recently the USA and Bulgaria authorities disrupted infrastructure of the NetWalker ransomware.