The average payment made by those hit with ransomware has doubled in just three months, to almost £65,000.
According to the latest Covewear study, ransomware victims aren’t heeding the advice to refuse any demands put upon them, but are instead paying more than ever before.
Ransomware is a devastatingly effective cybercrime tool as it encrypts valuable data from individuals or companies before issuing an ultimatum: pay up or the files are destroyed.
Cybercrime experts have long warned companies to refuse such demands – not just to discourage ransomware attackers but also because the technology they use is often so faulty it would frequently scramble files beyond use anyway.
Yet, it seems many companies are simply not listening. Covewear found that, during Q4 2019, the average payment to ransomware hackers more than doubled. This is thought to be due to a shift in the kinds of targets hackers have in their sights.
Originally, small-time criminals with little coding knowledge could purchase basic ransomware technology on the dark web and deploy it without much difficulty. This was good enough for individuals but not so for larger companies, which sometimes had the tools and know-how to retrieve their files. However, the newest ransomware programs are more sophisticated, allowing individuals to target businesses more effectively.
Ransomware variants including Ryuk and Sodinokibi have been used to target large firms, whilst the likes of Dharma and Snatch have been deployed on SMEs. Fearful of the fallout that could come from being named as the latest cybercrime victims, some companies appear ready and willing to meet the hackers’ demands.
Another trend may also have driven the change – an improvement in the hackers’ decryption tools. Though it’s of small succour to those who fall victim, these more advanced ransomware tools have better decryption software, meaning that around 98% of companies that fall victim to such a hack today manage to get their files back in their original condition – after the ransom is paid, of course.
This development will surely embolden cybercriminals, as it negates the major argument for not paying a ransom. Now more than ever, prevention is paramount to avoid becoming the next victim – and falling foul of a hefty (and growing) ransom.