HB1PMS > TECH 04.02.20 10:35l 108 Lines 4914 Bytes #999 (0) @ WW
BID : 927HB1PMS
Read: GAST
Subj: Average Ransom Payment Has Increased by 104% in Q4
Path: DBO595<DBX320<FRB024<BBS645<NL3TD<NL3PRC<GY1BBS<HB1BBS
Sent: 200203/1526Z 6858@HB1BBS.ZL.NLD.EU BPQ6.0.19
From: HB1PMS@HB1BBS.ZL.NLD.EU
Average Ransom Payment Has Increased by 104% in Q4 2019
January 28, 2020 | Trends, Reports, Analysis
Ransomware families that belong to Ryuk and Sodinokibi are responsible for
the huge rise in the ransom payments.
In Q4 of 2019, 98% of companies had received a working decryptor tool for
the ransom paid.
With the increase in ransomware attacks, the average ransom payment rose
by 104% in the fourth quarter of 2019. A report from Coveware reveals
that the ransomware attackers had collected an average of around (sal033)4,000
from victim organizations in the Q4 of 2019 when compared to 1,198 in Q3
of 2019.
Rise of infamous ransomware families
Ransomware families that belong to Ryuk and Sodinokibi are responsible for
the huge rise in the ransom payments. These ransomware operators have moved
into the large enterprise space and are focusing their attacks on large
companies where they can attempt to extort the organization for a seven-
figure payout.
For instance, Ryuk ransom payments have reached a new high of 80,000 for
impacted enterprises. On the other hand, smaller ransomware-as-a-service
variants such as Dharma, Snatch and Netwalker continue to attack small
businesses with demands as low as 0500.
Percentage of data recovered after paying a ransom
There are two success metrics to determine the outcome after a ransomware
victim is forced to pay a ransom.
First, does the payment result in a working decryption tool being delivered?
If the threat actor did not deliver the tool, then the data recovery rate
stands at 0%.
Second, if a working decryption tool is delivered then how effective is it
in decrypting the data? Files and servers can be damaged during or after the
encryption process and this can affect data recovery rates when a decryptor
tool is delivered.
How successful were the companies in the recovery process?
Coveware’s report highlights that in Q4 of 2019, 98% of companies had
received a working decryptor tool for the ransom paid. However, this varies
by ransomware type and threat actor group. For instance, certain
threat actor groups associated with Phobos, Rapid and Mr. Dec ransomware
consistently failed to deliver the decryption tool even after being paid.
In Q4 2019, victims who paid for a decryptor successfully decrypted 97% of
their encrypted data, which is a slight increase from Q3.
How much downtime does a ransomware attack cause?
In Q4 of 2019, average downtime increased to 16.2 days from 12.1 days in Q3
of 2019. This increase in downtime indicates a higher prevalence of attacks
against larger enterprises. Such enterprises have more complex networks, and
restoring data via backups or decryption takes longer than restoring the
network of a small business.
Additionally, researchers have noted that certain actors such as Ryuk have
evolved their attacks to make them even more pervasive. This also greatly
magnifies the impact of the attack on organizations.
Prominent attack vectors
The mass availability of Remote Desktop Protocol (RDP) credentials for as
little as SABFL2HM$0 per IP address was widely used by attackers to launch targeted
ransomware attacks. This extremely cost-effective technique accounted for
57.4% of all attack vectors used to distribute ransomware.
Apart from this, email phishing made up 26.3% of the most common
ransomware attack vectors in Q4 of 2019.
Bottom line
Interestingly, some ransomware variants such as Maze have publicly announced
that they will attack organizations where a disruption to patient care may
cause the loss of life. However, this does not decrease the count of
ransomware attacks. Organizations in the public sector and professional
services firms still make up the largest segment for ransomware attacks.
73 Henk.
======================================================================
_ _ ____ __ ____ ____ _____
| | | | _ \/_ | _ \| _ \ / ____| SYS: Henk (hb1nos@hb1bbs.com)
| |__| | |_) || | |_) | |_) | (___ QTH: Ouwerkerk - JO11XO
| __ | _ < | | _ <| _ < \___ \ BBS: HB1BBS.ZLD.NLD.EU
| | | | |_) || | |_) | |_) |____) | QRV: 27.235 MHz (FM 1200bps)
|_| |_|____/ |_|____/|____/|_____/ WEB: www.hb1bbs.com
======================================================================
** Host of BPQ Netrom/Node NLDHUB::NL9HUB 85.214.163.10 UDP 93
======================================================================
** This message is generated with Sally 7.2.033
----------------------------------------------------------------------
** Timed Monday 03 February 2020 16:25 Western Europe (standard time)
** BBS HB1PMS@HB1BBS.ZL.NLD.EU