Ransomware operators had another standout year in 2019, with attacks and ransom demands soaring according to new data from Group-IB.
The Singapore-based security vendor claimed that, after a relatively quiet 2018, ransomware was back with a vengeance last year, as attack volumes climbed by 40%.
As large enterprises became an increasing focus for attacks, ransom demands also soared: from $8,000 in 2018 to $84,000 last year. That’s a 950% increase.
The “greediest ransomware families with highest pay-off” were apparently Ryuk, DoppelPaymer and REvil, the latter on occasion demanding $800,000.
As mentioned, last year saw an increasing number of attackers focus their efforts on larger targets, often using sophisticated APT-style tactics, according to Group-IB. This included trojans such as Dridex, Emotet, SDBBot, and Trickbot to compromise victims and post-exploitation frameworks such as Cobalt Strike, CrackMapExec , PowerShell Empire, PoshC2, Metasploit, and Koadic to gather info on the targeted network. Data theft also became a popular way to force payment.
Phishing emails continued to be the number one initial threat vector, alongside RDP compromise and websites infected with exploit kits, the security vendor added.
“The year of 2019 was marked by ransomware operators enhancing their positions, shifting to larger targets and increasing their revenues, and we have good reason to believe that this year they will celebrate with even greater achievements,” said Group-IB senior digital forensics specialist, Oleg Skulkin.
“Ransomware operators are likely to continue expanding their victim pool, focusing on key industries, which have enough resources to satisfy their appetites. The time has come for each company to decide whether to invest money in boosting their cybersecurity to make their networks inaccessible to threat actors or risk being approached with ransom demand and go down for their security flaws.”
Ransomware operators have indeed picked up where they left off at the end of 2019, launching a blizzard of attacks against firms struggling to adapt to mass remote working, as well as hospitals fighting COVID-19.
According to Coveware, the average ransom paid in the first three months of the year surged by 33% quarter-on-quarter. However, contrary to Group-IB’s analysis, it claimed that despite the “big game hunting” narrative, most victims are likely to be SMBs.
The average number of employees in ransomware victims was 625 in Q1, with the median a much smaller 62.