The ransom amount in the ransomware attacks decreased by one third due to companies’ refuse to pay

Ransom amount in ransomware attacks
Written by Emma Davis

Growing number of companies that refuse to pay for data recovery has resulted in the fact that the average ransom amount in the ransomware attacks have decreased by almost a third in the past few months, according to a new report from Coveware.

According to the study, in the fourth quarter of 2020, the average ransom amount decreased by 34% – from $233 817 to $154 108. Experts attribute this to the fact that more and more organizations refuse to follow the demands of ransomware operators and pay (usually in cryptocurrency) for the decryption key …

When fewer companies pay, regardless of the reason, it has a long-term impact that and over time can lead to fewer attacks.they said.

Nevertheless, ransomware groups adapted relatively quickly to the new conditions and switched to other tactics, for example, the double extortion strategy, which involves threats to disclose stolen data if the company does not pay. According to Coveware, in the last three months of the last year, the number of such attacks was 70%.

Experts also noted that in the period from July to September 2020, 74.8% of organizations encountered with the ransomware attacks paid the required ransom, but in October-December the number of such companies dropped to 59.6%.

Information security companies and law enforcement agencies have repeatedly warned that successful ransomware attacks only motivate cybercriminals to continue their activity; moreover, there is no guarantee that even after paying the ransom, the company will be able to recover the stolen data.

Most often, cybercriminals compromise organizations’ networks through phishing emails or RDP connections, with which they gain access to using stolen credentials.

It should be noted that some companies are careless about their own cybersecurity, opening a loophole for criminals, sometimes more than once. In particular, the British National Cybersecurity Centre (NCSC) gave an example when a certain company twice in two weeks fell victim to the same extortionist group just because it did not bother to find out how the criminals managed to get into the network.

We are aware of one organization that paid a ransom (just under £ 6.5 million) and recovered its files (using the proposed decryptor) without making any effort to figure out the root cause and secure the network. Less than two weeks later, the same attacker again infiltrated the victim’s network using the same mechanisms and re-deployed the ransomware. As a result, the victim paid the ransom again.the NCSC said.

For most companies, the priority is the task of data recovery and the resumption of business operations, but the real problem is that ransomware can be an indicator of a more serious intrusion into the corporate network, which can last for days or even longer, the department warned.

Let me also remind you that recently the USA and Bulgaria authorities disrupted infrastructure of the NetWalker ransomware.

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About the author

Emma Davis

I'm writer and content manager (a short time ago completed a bachelor degree in Marketing from the Gustavus Adolphus College). For now, I have a deep drive to study cyber security.

Leave a Reply