Recent research has shown that the average ransom paid in a ransomware attack is $84,000. It is clear that hackers keep raising their ransom demands, thus also increasing the downtime of the systems of the companies they attack. The question is whether companies go ahead and pay the ransom to hackers in order to recover their data and restore their systems.
According to Coveware's Q4 Ransomware Marketplace report (Coveware's platform helps companies that have fallen victim to cybercriminals negotiate successfully for a lower ransom and a decryption tool), the answer is clearly "YES". In particular, the findings of the report are as follows:
- Average ransom price: In 2019, the average ransom price rose 104% to about $85,000, from $42,000 at the beginning of 2019. The average ransom price in Q4 was $41,179.
- Data recovery: if the hacker does not deliver the decryption tool, the result may be 0% data recovery. Files and servers may also be destroyed during or after the encryption process, which can affect data recovery rates even when a decryption tool is delivered. In mid-2019, 98% of companies that paid a ransom received a decryption tool.
- Downtime of "hacked" systems: in mid-2019, the average downtime of "hacked" systems increased to about 17 days, from 12 in early 2019. The increase in downtime is due to the increased prevalence of attacks on larger companies, which needed weeks to restore their systems.
- Decryption: In mid-2019, victim companies holding the key successfully decrypted 97% of their encrypted data, an increase compared to the beginning of the year.
- Ransom payment: Bitcoin is used almost exclusively in all kinds of cyber extortion. Cybercriminals have realized that it is easier to move the ransom into privacy coins after collecting it than to require a victim to buy a less liquid type of digital currency.
- Ransomware by attack vector: During Q4 2019, lower-end ransomware-as-a-service variants such as Dharma and Phobos continued to exploit cheap and easy attack vectors such as RDP. The most sophisticated groups, such as Sodinokibi, also use RDP when available, but also exploit more technically complex CVEs and use phishing via email.
- Common types of ransomware by attack vector: Ryuk attackers continue to use phishing to gain an initial toehold in a network before escalating their privileges. Ryuk was also observed using a feature called Wake-on-LAN to power on computers that were originally switched off, to ensure more extensive encryption.
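Because Wake-on-LAN traffic is rare on most networks, the Ryuk behaviour noted above is something defenders can watch for. The following is an added example, not part of the Coveware report: it recognises the standard magic packet (six 0xFF bytes followed by the target MAC repeated 16 times) in captured payloads and flags unexpected senders. The allowlist, the threshold and the sample traffic are assumptions constructed for illustration.

```python
from collections import defaultdict

SYNC = b"\xff" * 6  # a magic packet starts with six 0xFF bytes

def find_magic_packet(payload: bytes):
    """Return the target MAC if payload contains a WoL magic packet, else None."""
    start = payload.find(SYNC)
    while start != -1:
        mac = payload[start + 6:start + 12]
        # A valid packet repeats the 6-byte target MAC exactly 16 times.
        if len(mac) == 6 and payload[start + 6:start + 102] == mac * 16:
            return ":".join(f"{b:02x}" for b in mac)
        start = payload.find(SYNC, start + 1)  # keep scanning; the sync may sit later
    return None

def suspicious_wol_senders(events, allowed_senders, max_targets=3):
    """events: (src_ip, payload) pairs. Flag senders that are not allowlisted
    (hypothetical allowlist) or that wake more than max_targets distinct hosts."""
    targets = defaultdict(set)
    for src, payload in events:
        mac = find_magic_packet(payload)
        if mac:
            targets[src].add(mac)
    return {src: sorted(macs) for src, macs in targets.items()
            if src not in allowed_senders or len(macs) > max_targets}

def sample_payload(mac: str) -> bytes:
    """Build a constructed magic-packet payload for the sample data below."""
    return SYNC + bytes.fromhex(mac.replace(":", "")) * 16

# Constructed sample traffic (addresses and MACs are made up).
SAMPLE_EVENTS = [
    ("10.0.0.5", sample_payload("00:11:22:33:44:55")),   # allowlisted admin host
    ("10.0.3.77", sample_payload("00:11:22:33:44:01")),
    ("10.0.3.77", b"\x00" * 4 + sample_payload("00:11:22:33:44:02")),  # offset
    ("10.0.3.80", SYNC + b"ordinary data, not a magic packet"),
]

if __name__ == "__main__":
    for src, macs in suspicious_wol_senders(SAMPLE_EVENTS, {"10.0.0.5"}).items():
        print(f"unexpected Wake-on-LAN sender {src} -> {macs}")
```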
In general, the most common types of ransomware used by hackers are:
- In Q4 2019, Sodinokibi (ransomware-as-a-service) was the type of ransomware found in most attacks.
- Next comes Ryuk ransomware.
- Phobos and Dharma remain a constant part of ransomware attacks against small businesses.
- Distribution by number of employees: at the lowest end of the market are widely available ransomware-as-a-service variants, such as Dharma / Phobos. At the other end of the market, Ryuk attacks continue to target big businesses.
- Mid-sized businesses targeted by ransomware: professional services companies, such as regional law firms, consulting companies and information technology service providers, make up the largest share by industry. Public sector organizations account for a high share of ransomware attacks. Sodinokibi targets specialized service providers in healthcare, while variants such as Defray 777 focus all their attacks on that industry.
- Average size of companies targeted by ransomware: the average company size fell to 610 employees in mid-2019, from 645 in early 2019.