Ransomware actors have expanded their operations to the point that the average ransom demand grew more than tenfold in only a year. More than a dozen operators are now in the RaaS (ransomware-as-a-service) game, and each has a host of affiliates targeting businesses around the globe.
The GandCrab group announced in mid-2019 that it was quitting, and the ransomware landscape has changed dramatically since then. The RaaS model introduced by the GandCrab group has become a popular way for hackers to generate money.
The year-over-year progression of these threats is evident in measures such as ransom demands and the TTPs (tactics, techniques, and procedures) used by the hackers running significant ransomware operations. Group-IB, a cybersecurity company, recently published a report analyzing how the ransomware threat has changed in only a year since 2018.
The report states that ransomware attacks grew by 40% during 2019 and that the ransom demand increased from $6,000 to nearly $84,000. Coveware also provided data showing that the average ransom price increased to $111,605 during Q1 2020. The Ryuk and REvil families are considered responsible for this increase.
The most common techniques used are spear phishing, external remote services, and drive-by compromise through exploit kits. At the RSA security meeting held in February, the FBI noted that RDP is one of the most common techniques used to gain access to the compromised organization's network.
However, more advanced attackers use techniques that allow them to gain access to more valuable targets. The ransomware actors then deploy their tools and establish persistence. Next, they evade defenses to acquire credentials and, after stealing files, ultimately encrypt them.
The report shows that even big-game operators such as Maze, Netwalker, REvil, Ryuk, and LockerGoga use common techniques like RDP. The attackers also use phishing to gain initial access to the victim network. The list of these actors has grown, and some have changed their names. Maze started a trend of leaking files in November 2019, and since then many of these operators have begun leaking files unless they are paid the ransom. Currently, a dozen of these operators have leak sites. Ransomware actors have also started to increase their ransom demands, and a demand of $1 million has become common.