The average ransomware payment is growing as criminals become more sophisticated in their attacks, according to a report released by ransomware incident response company Coveware.
According to Coveware’s Q4 2018 Global Ransomware Marketplace Report, the average ransom increased by 13% to $6733 in Q4 2018 compared to Q3’s $5973.
It's difficult to judge the statistical margin of error for these figures because the company, which bases the data on ransomware cases handled by its support team, doesn't divulge the exact number of ransomware cases that it has dealt with. However, it says that the increase is probably down to the more targeted nature of recent attacks. Attackers focused on larger targets and honed their attacks using social engineering, it explains. It pointed to the rising use of ransomware strains that tend to demand higher ransoms, like SamSam and Ryuk.
The average ransomware incident lasted 6.2 days and cost $54,904 in downtime, according to the company, which said that the average ransomware-related downtime increased 47% over Q3.
The biggest factor in that increasing downtime is the rising number of compromised backup systems. 75% of organizations that paid a ransom had their backups encrypted by ransomware too, the company said.
Professional services was the hardest-hit sector at 22.4%, followed by software services (13.8%) and financial services and healthcare, the latter two sectors each garnering 12.1%.
“We also observed an increase in local healthcare facilities being targeted," the report said. "These attacks typically caused the facility to close their doors until critical scheduling and patient EMR servers could be recovered.”
Coveware calls itself a “first responder” for ransomware incidents. One of its services includes ransomware payments. The company will facilitate a rapid payment so that customers get their files back. The report claims that 93% of ransomware crooks sent a decryption tool upon receipt of a ransom payment. On average, victims were able to recover around 95% of their data with these tools.
The topic of Threats, Exploits and Vulnerabilities will be covered throughout the free-to-attend conference at Infosecurity Europe in London from 4-6 June. See all the talks on Threats, Exploits and Vulnerabilities here. Infosecurity Europe is the leading European event for information and cyber security; find out more and secure your free visitor badge.
