2019 was a record year for cybercriminals, with the number of ransomware attacks increasing by more than 40%, and demands for the return of data exploding by 950%.
The data comes from a Singaporean tech company, Group IB, who released its Ransomware Uncovered report detailing the latest methods used by cybercriminals.
The report details an explosion in the number of ransomware attacks in 2019, with the number of individuals and organisations held to ransom in exchange for access to their data growing by 40%.
In addition to this figure, the demands from cybercriminals to give that individuals and organisations access to their data has climbed from $8000 on average per attack in 2018 to $84,000 on average for 2019. Ransom payments in 2020 are set to increase, with reports circulating that the average ransom demand in the first quarter of this year alone has increased to $111,605.
Group-IB says that Ryuk, DoppelPaymer and REvil ransomware attacks represented the “greediest ransomware families with the highest payoffs,” the latter of which at times demanding $800,000 in order to decrypt files.
More recently, we’ve reported on a group using REvil Ransomware on a law firm representing celebrities that is currently demanding $42 million to decrypt its files. The law firm refused to pay the ransom, and the cybercriminals have since begun leaking sensitive information on some of its high-profile clients.
“The year of 2019 was marked by ransomware operators enhancing their positions, shifting to larger targets and increasing their revenues, and we have good reason to believe that this year they will celebrate with even greater achievements,” said Oleg Skulkin, a senior digital forensics special with Group-IB.
“Ransomware operators are likely to continue expanding their victim pool, focusing on key industries, which have enough resources to satisfy their appetites. The time has come for each company to decide whether to invest money in boosting their cybersecurity to make their networks inaccessible to threat actors or risk being approach with ransom demand and go down for their security flaws,” he added.
The report noted that phishing emails remain the largest potential threat for individuals and organisations alike, with RDP compromises and websites infected with exploit kits as two favourites of cybercriminals globally.
BleepingComputer cites FBI Special Agent Joel DeCapua who spoke at a security conference earlier this year who said that “RDP is still 70-80% of the initial foothold that ransomware actors use.”
Bleeping Computer writes that “ransom demands of $1 million and more are no longer uncommon as threat actors adjust their prices according to the compromised organisation’s revenue and the number of locked computers… last year was highly profitable for ransomware actors but with the prices we’ve seen recently, 2020 is likely to surpass it as actors continue to target large companies in key industries.”