Ransomware which is a file-encrypting malware has been tagged as the most disruptive cyber-attack of 2019. And this was confirmed by a study carried out by Connecticut based Cybersecurity firm Coverware.
In a recent Ransomware Marketplace report released by Coverware, the downtime caused by the malware is reported to have grown by 60% in the last 3Q of 2019 i.e from an average of 12.1 days in 2018 to 16.2 days in 2019.
Security researchers who conducted the research say that the rise in the downtime was because hackers were seen targeting mostly large-sized organizations where the staff needed some time to remediate and restore the systems- as they had to deal with humongous data sets.
Furthermore, the report confirmed that the average ransom payment to free up the database from the file-encrypting malware in the Q4 was $84,116, up by 104% from the previous 3 quarters of last year.
“As hackers spreading Ryuk and Sodinokibi ransomware were mainly concentrating on large-sized firms, they were found demanding a seven-figure payout($780,000) as a minimum ransom for such incidents. On the other hand, smaller ransomware variants such as Dharma, Snatch and Netwalker kept their focus still on the small business space with a minimum ransom demand of $1500”, says the Coveware Ransomware Marketplace report.
That said, the most number of ransomware cases spotted in Q4 of 2019 were of Sodinokibi(29%) and Ryuk(22%) where hackers are seen first stealing data and then encrypting the database for ransom- which forces the victims to bow down to the demands at any cost.
Professional services, healthcare and financial sector along with software services were seen as the top 5 sectors most targeted by hackers. And Phishing, attacks on RDP and vulnerability exploit topped as the most popular attack methods in the past year as per the Coveware report.
The highlight of the report is that the inclusion of certain points which confirm that 98% of organizations that paid ransom received a decryption key and out of them over 96% of them succeeded in decrypting their data on a complete note.
So, now comes the million-dollar question- should we pay if we are targeted by a ransomware attack….?