Cyber ransom demands up 200 percent in 2019
Requested amounts in ransomware attacks rose nearly 200 percent from 2018 to 2019, averaging $115,123 per attack last year.
A report from incident response, risk management and digital forensics firm Crypsis Group reveals that threat actors across a range of cyberattack types have significantly escalated their tactical approaches, becoming more targeted, conducting victim research and employing techniques that enable them to be more successful and extract higher payouts for their efforts.
"Since 2018, threat actors have evolved from deploying mass-distributed phishing campaigns with lower ransom demands to highly targeted, well-researched attacks on larger enterprises with deeper pockets," says Crypsis Group CEO, Bret Padres. "We believe these new methods represent a tactical shift in response to stronger enterprise security defenses and an associated reduction in organizations' willingness to pay."
The healthcare sector has been the most aﬀected (22 percent of 2019 ransomware incidents), with the manufacturing sector coming in second at 13 percent. More incidents have included the deletion or disabling of backups, as well as the threat of releasing sensitive data publicly. The threat actor group known for deploying The Maze ransomware is leading the way in extortion tactics, but others are getting into the game.
The research has also seen an increase in business email compromise attacks with BEC threat actors also conducting lengthy research on victims to ensure a higher degree of success.
Additionally, insider threats have been the dark horse cyber risk of 2019. While nation state and cybercrime threat groups get the headlines, malicious insiders are found to be silently grabbing organizations' sensitive data. Crypsis insider threat investigations rose approximately 70 percent year on year. In terms of motive, 57 percent of attacks were waged by employees looking to advance their careers and who were departing the victim organization, whether or not the organization was aware of the employee's impending departure.
The full report is available from the Crypsis site.