The average ransom after a ransomware attack is falling. More and more companies refuse to give in to extortion demands.
An analysis by cybersecurity
company Coveware has shown that the average ransom payment after a ransomware attack fell by a third in the last quarter of 2020 - from $ 233,817 in the
previous three months to $ 154,108.
The company attributes the
decline to the fact that victims refused to give in to requests for Bitcoin to
be paid in exchange for the decryption key the criminals use to claim to
restore the network to working order.
While it is positive that a higher percentage of victims choose not to pay the cybercriminals, there are
still a large number of organizations that are giving in - making ransomware
continue to be successful, even if the perpetrators of the attacks are slightly
fewer Earn money. Still, it might be enough for some ransomware operators
to consider whether it's worth the effort.
"If fewer companies pay
for whatever reason, it has long-term effects that add up over time and can
make a significant difference in the volume of attacks," said a blog post
by Coveware.
The increase in companies
choosing not to respond to ransomware extortion tactics has also led the gangs
to change tactics, as evidenced by the increase in ransomware attacks where
criminals threaten to reveal stolen data if the victim doesn't pay. According
to Coveware, these accounted for 70% of ransomware attacks in the last three
months of 2020, compared to 50% in the previous three months.
However, while nearly
three-quarters of companies threatened with data disclosure between July and
September paid the ransom, that number dropped to 60% for companies victims between
October and December.
The researchers point out that
even if the ransom is paid, there is no guarantee that the criminals will
delete the data and instead use it for other malicious purposes, which
companies should take into account when deciding whether to pay.
And, as cybersecurity companies
and law enforcement agencies warn, any payment made after a ransomware attack
only motivates criminals to carry out further attacks.
Ransomware continues to be
successful because cybercriminals can successfully break into insecure
networks to lay the foundations for attacks.
Phishing emails and the exploitation of Remote Desktop Protocol (RDP) are the most common methods for
ransomware attacks to break into networks. While a phishing email relies on victims opening malicious documents or links to launch the attack, RDP does
not require any person to be involved in the victim's organization as the
attackers can detect leaked ones Abusing credentials.
Ismail Elmas, Geo VP EMEA &
APAC at Zscaler, warns. "The fact that so many companies are still combining their
cloud infrastructure with traditional remote desktop and VPN solutions does not address modern challenges
efficiently."
In both cases, the ransomware
finds its way into networks because cybercriminals exploit security holes. Applying
security patches that prevent malicious hackers from exploiting known
vulnerabilities can go a long way in preventing malware from running on the
network.
Using tools like two-factor or
multi-factor authentication can prevent attackers from gaining a foothold in
the network, because even if they have the correct credentials, it is much more
difficult to exploit them.
Find the best free antivirus software for your Windows PC
Regularly updating offline backups by backing them up to tape drives provide organizations with a way to restore the network without the reward of blackmailers.
No comments:
Post a Comment