Earlier this week, cryptocurrency ransomware manager Coveware published a report on its official blog, revealing a staggering 90 percent increase in the incidence of ransomware payouts in the first quarter of 2019.
For reference, ransomware is a form of computer malware that takes control of a host computer and locks the user out. All access to the computer is completely cut off, and information stored on the computer’s hard disk remains inaccessible until a ransom is paid.
Things are getting worse. Blame Ryuk
The report, which the company claimed was based on standard, real-time data, touched on the costs involved in a ransomware attack: the recovery costs (including any ransom paid to the attacker in order to avert the hack) and the downtime costs (losses suffered as a result of the attack, usually measured in missed revenue opportunities and time lags).
Coveware’s analysis went on to reveal that the average ransom paid to ransomware attackers was pegged at $12,762 for the first quarter in 2019. This figure represents an 89 percent increase from the $6,733 reported in the company’s Ransomware Marketplace Report for Q4 2018.
The increase was mainly attributed to the rise in popularity of ransomware such as Ryuk, Iencrypt, and Bitpaymer, three recent malware strains developed and deployed in attacks on large corporations.
Richer victims, larger loot
The average ransomware downtime (the time needed to decrypt ransomware) increased to 7.3 days in Q1 2019. This is about 15 percent higher than the 6.2 percent reported in Q4 2018. Essentially, this means that ransomware attackers deployed more difficult-to-decrypt malware in 2019. The estimated downtime cost per ransomware attack per company was also revealed to be $65,645.
The report revealed that Dharma, GandCrab, and Ryuk were the three most popular types of ransomware. However, the emphasis was laid primarily on Ryuk, as it has seen the highest increase in adoption levels amongst the top three. Decryption difficulty was identified as the single most prevalent cause of increased downtime, and Ryuk was highlighted as one of the most challenging ransomware strains to decrypt.
The professional services industry (which includes companies such as accounting agencies and law firms) was reported to be the most commonly attacked ransomware victim. Even though they hold some highly valuable information (case files, tax records, account and banking details, settlement terms, etc.), these firms were reported to be notorious for under-investing in IT security infrastructure. So, they’ve become easy prey for ransomware attackers.
The average company size of ransomware victims increased from 71 employees in Q4 2018 to Q1 2019. This increase, as well as the estimated downtime cost, was also attributed to increases in Ryuk adoption. The ransomware is known for attacking mid-market and large enterprises with more capital and higher employee counts.
PayPal raises some hope
However, while all of this paints a gloomy picture for cybersecurity, there seems to be hope on the horizon.
Earlier last month, global payment processor PayPal filed a patent with the United States Patent and Trademark Office (USPTO) for a product which will help with the real-time detection of ransomware. The patent filing described a “technique for ransomware detection and mitigation,” and the product will primarily detect the original copy of files and content on the host computer’s hard drive and collect the information.
With the product, a user targeted in a ransomware attack would still have access to the original copy of the content, even if the ransomware already blocked access to the “altered version.” As the product hasn’t been released to the public yet, it is impossible to tell how it will fare against ransomware such as LockerGoga, Ryuk, and Dharma—the main culprits responsible for the increased profitability of ransomware attacks.