IBM reports that ransomware attacks continue to increase significantly with hacking gangs to demand higher and higher amounts of ransom from their victims, while constantly evolving the methods they follow to blackmail the victims in order to pay ransom.
Specifically, the team XM Force Incident Response IBM has been called upon to deal with a large number of ransomware attacks. Specifically, such attacks tripled in the second quarter of 2020, compared to the previous quarter, accounting for a third of all incidents. security to which the company responded between April and June. IBM pointed out that ransomware attacks increased rapidly in June.
Specifically, in June alone, there was a third of ransomware attacks that the IBM team has repaired so far this year. The company noted, among other things, that the demands for ransom are growing rapidly, with some reaching up to $ 40 million. He also revealed that the ransomware attacks behind which the hackers of Sodinokibi correspond to one in three ransomware incidents that IBM Security X-Force has responded to so far by 2020.
It is worth noting that IBM has noticed a general change in ransomware attacks. These attacks hit the construction companies Companies more difficult, while they represent almost a quarter of all incidents to which the company has responded so far in 2020, followed by the professional services sector and then by the government.
According to IBM, the attacks in these three industries suggest that ransomware gangs are looking for victims with low tolerance for downtime, such as manufacturing networks. In addition, organizations that require high operating time can lose millions of dollars every day due to downtime. Therefore, it is more likely that an organization will pay a ransom to regain access to data and continue on functions of.
IBM says hackers now tend to combine blackmail and ransomware - where gangs steal a copy of sensitive company information - before targeting encryption. If victims refuse to pay for the decryption key, attackers increase the pressure, threatening to leak the stolen data.
With intruders stealing real company data, ransomware attacks develop into data breaches, which for some companies, depending on where they are located, can carry additional risk of fines from regulators. In some cases, IBM said the attackers believe they are adjusting their ransom based on the regulatory fines to be paid by organizations.
The ransomware strain that IBM Security X-Force identified most frequently in 2020 is Sodinokibi. IBM estimates that the Sodinokibi gang has targeted more than 150 organizations worldwide since its emergence in the threat landscape in April 2019. In addition, the company estimates that more than one in three Sodinokibi victims have paid the ransom, while sensitive data stolen from 12% of victims has been sold at auction in Dark web. In these auctions, prices for stolen data range from $ 5.000 to over $ 20 million.
IBM added that Sodinokibi hackers take into account the annual income of a target organization before claiming the ransom. The highest ransom required by the Sodinokibi gang is $ 42 million and the lowest is about $ 1.500. Therefore, IBM estimates that the profits of Sodinokibi ransomware gang for 2020 exceed $ 81 million so far.