Average Ransomware Payment Doubled in Q4 as Attackers Focused on Large Companies, says Coveware

February 4, 2020  Jeff B. Copeland

The Q4 Ransomware Marketplace report from Coveware, the company that negotiates and settles with cyber extortionists, says that the average ransomware payment among its clients increased by 104% to $84,116, as attackers set their sights on richer targets in the large enterprise space.

The report singles out the Ryuk malware targeting large organizations and Sodinokibi which has a variant targeting MSSPs – Ryuk payments hit a new high of $780,000.

The good news (if you can call it that) is that Ryuk and Sodinokibi “are being distributed by more sophisticated actors, who tend to be more careful in how they handle the encryption process…This can limit the scope of their earnings but allows them to control the reputation of their ransomware, which in the long run may result in higher profits from their criminal efforts,” Coveware reports.

Average downtime increased to 16.2 days in Q4 from 12.1 in Q3, 2019, again due to more attacks against large enterprises that take more time to restore complex networks. Ryuk actors also began using “Wake-on-LAN”, Coveware says, to greatly magnify an attack coming in overnight; the feature turns on employee machines to maximize the number of encrypted endpoints hit. Ryuk attacks most often start with email phishing,

The most commonly victimized sectors among Coveware clients: Professional Services (20.4%), Healthcare (19.7%), Software Services (11.7%) and Public Sector (10.4%) – that last category suffered high profile attacks in 2019, including Baltimore where extortionists shut down systems for taxes, parking tickets and real estate transactions.

What steps should your organization take to anticipate a ransomware attack?  How much investment – and targeted at what—would be an appropriate response? The RiskLens application, based on the FAIR™ model helps you answer those questions with financial analysis of your cyber risk. Get the details; read more in these two posts from the RiskLens blog:

Analyzing the Financial Risk of Ransomware with FAIR™

Case Study: Manufacturer Makes Risk-based Decision on Ransomware Controls