A report published by Coveware, a company that assists ransomware victims in facilitating cryptocurrency ransom payments, claims that ransom amounts requested following cyber attacks increased by 90% in Q1 of 2019 as compared to Q4 of 2018.
The report also found that the average downtime resulting from such attacks increased by 47% over the same period, resulting in a subsequent increase in the aggregated downtime cost per ransomware attack per company.
Coveware, a company that has built a platform for ransomware incident response and conducts extortion negotiations on behalf of victim companies, published its quarterly report on ransomware incidents last week. The data Coveware collected from cases reported on its platform confirmed existing concerns over an ever-evolving ransomware threat.
The company, which also helps victim companies pay cryptocurrency ransoms and recover their stolen and/or encrypted data through decryption processes, claims that the average ransom increased by 89% during Q1 of 2019, totaling $12,762 as compared to $6,733 during Q4 of 2019.
The observation was found to be consistent with the increase in ransomware infections caused by more sophisticated types of ransomware (especially the infamous Ryuk, falsely suspected of having close ties with North Korean intelligence services) often used in bespoke targeted attacks on large companies.
The average downtime following a ransomware infection also spiked by 47% from Q4 of 2018 to Q1 of 2019, reaching 7.3 days, up from 6.2 days. This increase is driven by the increased difficulty of decrypting complex ransomware like Ryuk.
Moreover, numerous attacks targeted backup systems, either wiping the files on them or encrypting them.
The downtime cost, an important component when assessing the total cost of a ransomware attack, averaged $65,645 per attack per company.
Data Recovery After Paying a Ransom
A ransomware attack often unfolds by forcing the victim to pay a ransom. Once the ransom is paid before the deadline indicated by the attackers, a decryption tool is delivered to the victim. However, the decryption tool is not always completely effective, since both servers and files can be damaged during the encryption process.
The report states that during Q1 of 2019, only 96% of the companies that reportedly paid the ransom received a working decryption tool.
Those companies were able to recover an average of 93% of their encrypted data. The report outlines that data recovery rates vary with the type of ransomware. On average, only 80% of encrypted data was recovered following a Ryuk attack, as compared to close to 100% with GandCrab.
Ransoms Paid in Bitcoin in Most Cases
Coveware revealed that while some ransomware strains like GandCrab accept payments in privacy coins like Dash, Bitcoin remains the most common cryptocurrency for ransomware payments. The report explains the finding by stating:
“This is highlighted by the ease with which threat actors are ‘mixing’ bitcoin or exchanging them for other privacy coins, like Dash or Monero.”
Industries Targeted by Ransomware
Data shared by Coveware shows that professional service companies like law firms and Certified Public Accountant firms were the most affected in Q1 of 2019 (22.4% of the cases), closely followed by software service companies (17.2%) and small healthcare organizations (10.3%).
The report reads:
“These firms tend to under-invest in IT security and backup policies, and have a low tolerance for data loss, which makes them vulnerable ransomware targets.”
The average size of companies that fell victim to ransomware attacks increased from 71 in Q4 of 2018 to 114 in Q1 of 2019, reflecting an increase in attacks targeting midmarket and large companies.