The attacks ransomware is very widespread this time. Surveys show that hackers have greatly increased the money they ask victims to return their data.
Security firm Coveware said that in the first quarter of 2019, an average of 12.762 dollars were requested for each attack in relation to 6.733 requested by hackers in the last quarter of 2018. That is, we are talking about twice as much.
Where is this huge increase due? Using more sophisticated and more expensive ransomware programs, such as Ryuk, Bitpaymer and Dharma.
Previously, ransomware attacks were usually done by sending phising emails. This method will surely deceive some people, but not everyone. Now, hackers are making more focused attacks.
They exploit vulnerabilities in remote desktop protocols or steal credentials to gain access to victims' systems and prepare the ground for ransomware in order to influence as many computers as possible.
Many times hackers ask for money in cryptocurrency (eg Bitcoin).
Usually larger amounts are requested when Ryuk ransomware is used as it targets large organisms. A Ryuk ransomware attack can cost the victim up to 286.557 $.
In addition to the increase in funds from 2018 to 2019, an increase in the time it takes to deal with a ransomware attack (from 6.2 days to 7.3 days on average) has also been observed.
This increase is again due to the more advanced form of attacks.
The authorities do not recommend the victims to pay the money, because even if they pay them, it is not certain that the hackers will return the stolen data. However, victims often feel they have no choice.
Typically, part of the data is returned, and only when the payment process is complete is returned. That's why it takes a few days for the victims to get all the tools they need to retrieve their data.
Typically, the return of the data, after payment, is certain. Ransomware distributors are like having a business. It is not good for the business to release the reputation, that while it has received the money from the victim, it does not return the data. Because if that is said, the next victims will not give the money, since they will know that their data will not be returned.
On the other hand, obeying the victims and paying the "ransom" strengthens the action of hackers.
Also, their action is strengthened as long as individuals and organizations do not take appropriate security measures (protection programs, staff training, etc.). It is very important backup data, so that if the other methods of protection fail, the data can be recovered.