SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Ransomware attacks swell, average ransom payments rise - report
Wed, 10th Jun 2020
FYI, this story is more than a year old

Organisations are capitulating to ransomware demands more often and paying a higher price to attackers to placate them, according to new research from Atlas VPN.

Between 2018 and 2019, the value of demanded ransom payments rose 140%, peaking at an average of US$18,000, while a reported 57% of surveyed organisations settled and paid ransoms during the last 12 months.

55% of organisations reported being a victim of ransomware in 2018. This number increased to 56% in 2018 and jumped to 62% in 2020, according to a recent report from CyberEdge.

Despite the advice of many cybersecurity experts to the contrary, instances in which organisations pay the ransom demanded of them have risen in recent years.

Atlas VPN says 38% of victimised companies paid the demanded sum in 2018, and this number rose to 45% in 2019. It rose even further in 2020, with 57% of organisations paying ransoms to have their data recovered during the last 12 months.

However, in many cases paying this price does not guarantee the recovery of stolen data.

Only 49% of organisations that paid a ransom in 2018 were able to recover their data. In 2019, the number increased to 61% and jumped to 66% in 2020.

Atlas VPN says the shrinking likelihood of recovering stolen information through paying a ransom means companies should focus on preventative methods, which not only lower the likelihood of ransomware from infiltrating security protocols, but also prevent wider disruption to the business.

The report from Atlas VPN comes as concern around ransomware and its increasing penetration into IT spaces is at an all-time high.

One of the industries hardest-hit by cyber-attacks and ransomware is the financial sector – according to VMware Carbon Black, attacks targeting this sector have swelled by 238% in the months from February through to the end of April 2020, while 80% of surveyed financial institutions reported an increase in cyber-attacks over the last 12 months.

A further 82% of surveyed institutions reported a rise in the sophistication of attacks – which can be attributed to attackers leveraging highly advanced social engineering tactics and advanced strategies for hiding malicious activity.

64% of financial institutions also reported increased attempts at wire fraud transfer, a 17% increase year-on-year.

“At an alarming rate, transnational organised crime groups are leveraging specialist providers of cybercrime tools and services to conduct a wide range of crimes against financial institutions, including ransomware campaigns,” says US Secret Service Cyber Investigations Advisory Board (CIAB) executive director Jonah Force Hill.

“Criminals are increasingly sharing resources and information and reinvesting their illicit profits into the development of new, even more destructive capabilities.

“The growing availability of ready-made malware is creating opportunities for even inexperienced criminal actors to launch their own operations.