Ransomware Demands Soared 950% in 2019

Ransomware Demands Soared 950% in 2019

Ransomware operators had another standout year in 2019, with attacks and ransom demands soaring according to new data from Group-IB.



The Singapore-based security vendor claimed that, after a relatively quiet 2018, ransomware was back with a vengeance last year, as attack volumes climbed by 40%.



As large enterprises became an increasing focus for attacks, ransom demands also soared: from $8,000 in 2018 to $84,000 last year. That’s a 950% increase.



The “greediest ransomware families with highest pay-off” were apparently Ryuk, DoppelPaymer and REvil, the latter on occasion demanding $800,000.



As mentioned, last year saw an increasing number of attackers focus their efforts on larger targets, often using sophisticated APT-style tactics, according to Group-IB. This included trojans such as Dridex, Emotet, SDBBot, and Trickbot to compromise victims and post-exploitation frameworks such as Cobalt Strike, CrackMapExec , PowerShell Empire, PoshC2, Metasploit, and Koadic to gather info on the targeted network. Data theft also became a popular way to force payment.



Phishing emails continued to be the number one initial threat vector, alongside RDP compromise and websites infected with exploit kits, the security vendor added.



“The year of 2019 was marked by ransomware operators enhancing their positions, shifting to larger targets and increasing their revenues, and we have good reason to believe that this year they will celebrate with even greater achievements,” said Group-IB senior digital forensics specialist, Oleg Skulkin.



“Ransomware operators are likely to continue expanding their victim pool, focusing on key industries, which have enough resources to satisfy their appetites. The time has come for each company to decide whether to invest money in boosting their cybersecurity to make their networks inaccessible to threat actors or risk being approached with ransom demand a ..