According to a recent Malwarebytes report, ransomware attacks on businesses increased 195 percent in the first quarter of 2019. Moreover, compared to the first quarter of 2018, ransomware attacks on businesses have increased 500 percent over the last year.
Why the Resurgence in Ransomware Attacks?
In 2018, all signs pointed toward ransomware attacks being on their way to a decrease with cryptojacking and data breaches grabbing major headlines. While the overall number of ransomware attacks lessened throughout the last year, the attacks have become more sophisticated, and the damage has increased in severity. Overall, victims paid more ransom money, experienced greater downtime, and took longer to recover from an attack than ever before.
“Ransomware is no longer a ‘one employee clicked an email, and their workstation is encrypted’ type of incident,” said Bill Siegel, CEO, and co-founder of Coveware.
What is a Ransomware Attack Like in 2019?
Interesting fact: ransomware attacks on businesses increased 500 percent over the last year – however, consumer-targeted ransomware attacks have declined by 33 percent. Ransomware attacks are becoming more targeted, ransoms are higher, downtime is increasing, and victims who pay the ransom are recovering their files more than ever.
What does it mean when someone says ransomware attacks are becoming more targeted?
It means a couple of things. First, hackers are doing their research, and before deploying a ransomware attack, they know a significant amount about the company. Second, instead of using a typical phishing attack vector, hackers are becoming more hands-on by staging manual attacks using compromised credentials. Hackers are specifically targeting high-value systems such as e-mail servers, database servers, document management systems, and public-facing servers.
In a recent attack that we covered on Norsk Hydro, researchers believe the cybercriminal behind the attack manually copied their Lockergoga ransomware from computer to computer on the company’s network.
Ransom Demanded Increased 89 Percent
With the shift away from consumer-targeted attacks, hackers are focused on bigger paydays through infecting businesses of all sizes. As such, it’s assumed these businesses not only have the money to pay the ransom but also have the motivation. The average ransom paid by victims in the first quarter of 2019 was $12,762 compared to $6,733 in the fourth quarter of 2019; an 89 percent increase.
Downtime from Attacks is Increasing
Whether it’s from a company poorly handling its response from a ransomware attack, such was the case with Arizona Beverages, or ransomware such as Hermes causing high-data loss rates compared to other types of ransomware; the average downtime from a ransomware attack has increased. The average downtime following a ransomware attack shot up to 7.3 days in Q1 2019 compared to 6.2 days in Q4.
Victims are Recovering Their Data
Previously, whether you would recover your files if you paid the ransom was a larger risk. Cybercriminals would infect mass amounts of users, collect the ransom, and run. While it’s still not guaranteed you will recover your files after paying, companies who paid the ransom in Q1 2019 received a key for decrypting their files 96 percent of the time. Data recovery rates vary substantially by ransomware type. For example, victims of Ryuk ransomware were generally able to recover only 80 percent of their data while those hit with GandCrab usually recovered 100 percent. Variances tend to do with the ransomware’s encryption processes, faulty decryption tools, or modifications made to encrypted files.
Although companies are recovering their files now more than ever, security and law enforcement officials strongly recommend against paying the ransom. Many believe that by paying the ransom, you are simply encouraging more ransomware attacks. While we strongly recommend that you use CryptoStopper to severely minimize the damage done by a ransomware attack, whether you pay the ransom or not is completely up to you. Some businesses can afford the downtime while others have to pay the ransom to get their systems up and running as soon as possible.
Photo courtesy of DelmarvaNow.com