Ransom Demands Double While Ransomware Victims Bankroll Hackers

Alarming numbers from the last quarter of 2019 show that ransom payments doubled compared to the previous quarter, with the average ransom payment rising 104 percent to $84,116 (Coveware), wrapping up a successful year for ransomware operators. From there, the numbers just get scarier. Coveware reported that organizations hit with ransomware suffered an average of 16.2 days of downtime, an increase of over four days from the third quarter.

Coveware’s CEO and co-founder Bill Siegel commented on the huge increase in ransom payments, stating, “The doubling of the amount was surprising. I think we expected it to rise, but had not expected the impact of large enterprise attacks to pull the average up as much as it did.”

Coveware’s reports also indicated that attackers’ techniques are changing, with a rise in ransomware attacks that include data exfiltration and exposure. In these attacks, the operators copy the victim’s data out before encrypting it and threaten to leak it to the public unless the demand is paid. The practice became a trend in summer 2019.

Why is this such a successful market for hackers right now?

Siegel explained that cybercrime is a business, and just like any other business, when costs are low and profits are high, business is booming. Nearly 60 percent of attacks last quarter used stolen Remote Desktop Protocol credentials, which are available on the dark web for less than $100. Coveware estimated that hackers using ransomware only needed to get returns on about 2 percent of their attacks to make a hefty profit. “This will continue until the profit margins go down for these cheap and simple attacks,” says Siegel. “As of right now, the margins are great for cybercrime, so it marches on.”

But low costs aren’t the only thing enticing cybercriminals to use ransomware. Reports show that victims are increasingly willing to bargain with hackers. A recent survey of 600 security professionals by Proofpoint suggests that a little more than half of the affected organizations in 2019 decided to pay the ransom. However, the survey also found that of those who paid, 22 percent were still unable to access their data, and 9 percent were hit with more demands.

What Can You Do to Avoid Paying the Ransom?

A secure infrastructure has multiple layers of security with working backups in place underneath it all. Siegel explained that the companies that agree to pay the ransom are usually the ones with compromised backups or without any backups in place. “Those who think paying a ransom will help them recover faster are incredibly mistaken,” he said. “In our experience that is absolutely false, and in practice it does not happen. Once companies realize the extent of the remediation work necessary just to cleanse their production network, such that you could safely decrypt it, they realize that on a risk and time adjusted basis, restoring from backups is always a better option.”

Las Vegas With Rubrik Versus Ransomware: 1-0

On January 7, at 4:30 a.m., the city’s website and several city services were taken offline by a ransomware attack, which local press have speculated came from a phishing attack over email. A little over 24 hours later, the City of Las Vegas had returned to normal, almost as if the attack had never taken place. The City of Las Vegas tweeted: “Following yesterday’s cyber compromise, we have resumed full operations with all data systems functioning as normal. Thanks to our software security systems and fast action by our IT staff, we were fortunate to avoid what had the potential to be a devastating situation.” A follow-up tweet reassured followers that no data was lost and no personal data taken.

With more than 45 million visitors a year and over 2.1 million residents, the City of Las Vegas moved to Rubrik because it met their needs for flexibility, price, and speed. Lester Lewis, Deputy IT Director, said about their decision to use Rubrik over other services: “Rubrik is a very important partner in how we do business now because we made the decision to be a smart city and collect all this data, so we had to make a decision to protect all the data.”

The decision that they made to protect their data paid off. Because they switched to Rubrik, the City of Las Vegas was able to restore quickly and prevent any downtime of critical services.

Ransomware has become the plague of the last decade, and it looks set to remain an issue into the next. Each year, ransomware attacks cost businesses $75 billion (source: Datto). Ransomware is a type of malware that encrypts the user’s data on the computer it has infected and holds the data hostage until the user pays whoever is responsible for the malware in exchange for the encryption key. Ransomware can be close to impossible to decrypt without the key, and even if the user pays the ransom demand, it is not guaranteed that they will get all of their data back. If the user does not pay the ransom demand, the encryption key is deleted, and if the user doesn’t have any other technology in place, the data is lost forever.

A month earlier, the Pittsburg Unified School District was also subject to a ransomware attack. However, they were not prepared, and consequently were unable to get services back in time for school to start weeks after the attack. The school district welcomed their students back without any laptops or internet. School emails were not accessible, so the school resorted to using only phones.

Pittsburg Unified School District is not the only organization to be affected. Baltimore City government was hit with a ransomware attack in 2019, with estimated losses at $18 million. Other cities like New Orleans, New York City, Riviera Beach, and at least 85 others were also subject to ransomware attacks and suffered losses in 2019.