Average ransom payout jumped 178% in a year
Ransomware is a type of malicious attack where a criminal encrypts, typically, sensitive files, then threatens to publish them unless a demanded ransom is paid. These attacks reached record-highs in 2020 as employees shifted to remote work, in turn creating more attack vectors for hackers.
Atlas VPN analysis based on Coveware’s data found that average ransom payouts increased by 178% in Q3 2020 compared to Q4 2019.
Cybercriminals expect larger payouts when they target bigger companies, steal more data, or the information stolen is extremely sensitive. For example, instead of stealing user email addresses, hackers now target financial details, personal information like social security numbers (SSNs), and police reports.
In the 4th quarter of 2019, the average ransom payout reached $84 thousand, while in the 3rd quarter of 2020, the number skyrocketed to nearly $234 thousand.
The upward trend in ransom payments is as clear as can be. Let’s look at the data quarter-by-quarter:
From Q4 2019 to Q1 2020, the average payment demand rose by over $27 thousand, from $84 thousand to $111 thousand, which is a 33% increase. In the second quarter, ransom payouts spiked drastically by almost $67 thousand, representing a 60% jump.
Finally, the ransom demand payouts peaked in the third quarter of 2020, hitting almost $234 thousand, or a 31% jump compared to the previous quarter.
Hackers target enterprises as well as government bodies. Just recently, on Monday, Pennsylvania county announced that they took some of their systems offline as they were affected by a cyberattack, according to Bleeping Computer. Cybercriminals got access to police reports, payroll, purchasing, and other databases.
Hackers demand a payment of $500,000 to recover the data and prevent it from reaching the dark web, where other criminals could purchase it and abuse it in various schemes. The county is currently in the process of forwarding the ransom.
Number of ransomware attacks nearly doubled in 2020
Obviously, the fact that attacks are successful and victims pay out the ransom only encourages cybercriminals to continue these schemes.
Not only is the average ransom payout increasing rapidly, but the frequency of attacks is reaching record highs.
There were 78.36 million ransomware attacks detected in Q3 of 2020, while in Q3 2019, the number stood at 40.95 million. This constitutes a 91% jump in ransomware attacks in one year.
Adding up all the ransomware attacks in the first three quarters of 2020 amounts to 199.75 million, a 40% rise in attacks compared to 142.4 million in 2019.
Once again, the COVID-19 pandemic is the main culprit behind the increase in attacks. Due to lockdowns, many office-workers gained access to corporate windows workstations or servers via Microsoft’s client software called Remote Desktop Protocol (RDP). This created more points of attack for cybercriminals, as a quick shift to remote-work left some networks inadequately protected.
To hack into the company's system, fraudsters systematically attempt numerous username and password combinations until the correct one is found. A successful attack gives the cybercriminal remote access to the target computer or server in the corporate network, allowing him to encrypt the company’s data and request a ransom in exchange for the encryption key.
Tips to protect against ransomware
- Firstly, employees should follow well-known cybersecurity practices, such as using 2-Factor Authentication (2-FA) whenever possible, not clicking on suspicious links, and updating their software and OS. These steps might seem like basic practices, but surprisingly, many people do not follow them.
- Employers should set up employee training workshops where a security specialist shares security practices together with scenarios that could happen if these tips are not followed. Showcasing incidents that already happened in other companies could be of value to show employees how a single malicious link can cripple a company.
Cybersecurity Researcher and Publisher at Atlas VPN. My mission is to scan the ever-evolving cybercrime landscape to inform the public about the latest threats.