Some good and bad news is coming out of the first quarter of 2019 regarding Ransomware Attacks. Dark Reading had some interesting statistics to share about the number of ransomware attacks decreasing. (Mind you, the verdict from the industry is not fully out yet on this but it is Dark Reading’s findings.) That’s the good news. However, the bad news, which we at Wedge agree upon, is how ransomware is becoming much more targeted; focusing increasingly on institutions instead of individuals. Which is leading to the netting of higher ransom payments, causing more downtime losses and requiring longer recovery times.
According to the article, the increasing cost trends are a result of an increase in the use of ransomware types such as Ryuk and Bitpayment, used in customized and targeted attacks on large enterprises. In terms of numbers, Ransomware incident responders, Coveware, suggest that the average number of days a ransomware incident lasts is 7.3 days, at an average cost of related downtime of $64,645 per incident. According to them, the average ransom amount paid by victims in cases handled by Coveware increased by 89%, going from $6,733 in Q4 2018 to $12,762 in Q1 2019.
What is of concern is that instead of using automated attacks, hackers are increasingly executing manual attacks against targeted organizations using compromised credentials; “specifically targeting high-value systems such as e-mail servers, database servers, document management servers, and public-facing servers.” As a result, downtime is increasing, with ransom-related downtime costs becoming substantial, with costs varying significantly by industry and geography. As shown by the Norsk Hydro attack, manufacturing companies are now becoming heavily targeted as they are more likely to pay a ransom to get things moving again.
Although security and law enforcement officials highly suggest against victims paying the ransom to get their data back; believing that by giving in to the ransomware demands will encourage more attacks, many victims ended up paying the ransom. According to Coveware, for the most part, companies that paid the ransom were able to get their data 96% of the time; an increase of 3% over Q4 of 2018 where the average was 93%.
In light of the worsening statistics for victims of Ransomware attacks, we continue to push for organizations to consider “Detect and Block” instead of having to go through the ordeal of “Detect and Respond”. The unfortunate fact is that if an organization becomes a victim, the costs are continuing to increase, with Ransomware continuing to be lucrative to the hackers and other bad actors out there. As a company that provides solutions that can stop Ransomware BEFORE it hits the network, we feel that these attacks could all have been prevented. If you are interested in protecting your organization from Ransomware, feel free to get in touch with our team at email@example.com. We offer a FREE 90 day trial of the Wedge Advanced Malware Blocker, which can Detect and STOP all forms of Ransomware before they can even enter your network. With the increasing costs to victims, what have you got to lose?