Cyber-attack Ransoms Requested Skyrocket 200% In 2019
By RTTNews Staff Writer | Published: 6/8/2020 10:24 AM ET
Average ransom payments requested in cyber-attacks skyrocketed about 200 percent in 2019 compared to 2018, averaging $115,123 in 2019, according to a "2020 Incident Response & Data Breach Report" by security advisory firm Crypsis Group.
This is due in part to attackers' shift toward enterprise-targeted ransomware families and careful selection of victims capable of paying higher sums, as well as maturing tactics.
The rise of bitcoin and other cryptocurrencies also gave threat actors an efficient and anonymous method to extract ransom from victims while hiding their trail.
In 2019, Crypsis particularly observed Ryuk and Sodinokibi variants driving average ransom payments significantly higher. Earlier variants like Dharma and LockCrypt resulted in much lower ransom demands in 2017 and 2018.
Compared to other industry sectors, cyber attackers mostly targeted healthcare-related (16%) and financial services (14%) organizations as they store, transmit, and process high volumes of monetizable sensitive information and disproportionately attract threat actors.
Ransomware attacks and business email compromise (BEC) continue to be among the most pervasive and impactful cyber threats to organizations in terms of business disruption and monetary loss.
Since 2018, threat actors have evolved from deploying mass-distributed phishing campaigns with lower ransom demands to highly targeted, well-researched attacks on larger enterprises with deeper pockets.
The report states that these new methods represent a tactical shift in response to stronger enterprise security defenses and an associated reduction in organizations' willingness to pay.
Ransomware monetary demand amounts are trending up. The healthcare sector was the most affected, with a 22 percent share, and the manufacturing sector came in second with a 13 percent share.
The incidents have included the deletion or disablement of backups, as well as the threat of releasing sensitive data publicly. The Maze ransomware is leading the way in extortionate tactics, but others are getting into the game.
According to a prediction by Cybersecurity Ventures, global ransomware damages are forecast to reach $20 billion by 2021, compared to the estimated $325 million in damages in 2015.
Meanwhile, BEC attacks primarily leverage phishing, preying on the vulnerabilities of humans, to harvest cloud-based email passwords with the intent of committing wire fraud. Again, the financial services and healthcare sector organizations were the hardest hit, due to their high volume of financial transactions and reliance on email to conduct them.
Nearly one third of overall incidents in 2019 were BEC attacks. In nearly all cases, the motive of the attack was wire fraud, with an average theft of wired funds per incident of $264,117 in 2019.
Further, insider threats were the dark horse cyber risk of 2019 and are seen to silently grab sensitive data. These threats are often overlooked and deserve more focused attention as insider threat investigations rose approximately 70 percent year-over-year. 57 percent of these attacks were waged by departing employees looking to advance their careers.
The report observes that the IT security function within organizations focuses more time and resources on external threats than on internal ones, leaving sensitive data exposed to those who have authorized access and malicious intent.
As long as there are ways to profit from cybercrime, threat actors will continue to find new methods to exploit vulnerable systems and processes.
Recent attacks on healthcare institutions and supporting organizations during the worldwide coronavirus pandemic serve as a stark reminder that these attacks, while waged from a keyboard, are crimes and the threat actors remorseless.
The report analyzed data and leveraged insights from over 1,000 investigations The Crypsis Group conducted in 2019. These range from ransomware, BEC, payment card breaches, and nation state attacks, to inadvertent data disclosure incidents and insider threat investigations.
Article written by an RTT News Staff Writer, and posted on the RTT News.com website.
Article reposted on Markethive by Jeffrey Sloe