Ransomware demands up by 43% so far in 2021, Coveware says


Ransomware hacking groups are getting greedier. Ransomware demands are up by 43% so far in 2021, Coveware says.

The average demand for a digital extortion payment shot up in the first quarter of this year to $220,298, up 43% from the previous quarter, according to a quarterly report from Coveware, a ransomware response firm. The median payment, too, jumped 58%, from $49,450 to $78,398.

The majority of ransomware demands in the first quarter also involved theft of corporate data, a continuation of a trend of ransomware actors increasingly relying on exfiltration and extortion demands. Seventy-seven percent of ransomware attacks included the threat to publish stolen data in the first quarter of this year, which is up 10% compared to the last quarter of 2020, Coveware found.

The report comes as the U.S. government is working to improve law enforcement actions targeting the infrastructure that supports ransomware gangs. In recognition that ransomware demands are an increasingly popular approach, the U.S. Department of Justice just stood up a taskforce meant to tamp down on ransomware attacks in the hopes of reducing costs to U.S. victims.

Coveware found that, so far this year, fewer victims were paying out ransomware demands. But with extortion attempts on the rise, victims may feel tempted to pay up, even if they are better off avoiding the exchange of currency entirely, Coveware advises.

“Over hundreds of cases, we have yet to encounter an example where paying a cyber criminal to suppress stolen data helped the victim mitigate liability or avoid business / brand damage,” the company wrote in its report. “On the contrary, paying creates a false sense of security, unintended consequences and future liabilities.”

In what is likely to be welcome news for law enforcement officials, some ransomware groups appeared to encounter problems in their attack campaigns and in running a “criminal enterprise at scale” in the first quarter, according to Coveware.

The Conti group, for instance, was attacking victims it had already targeted, a move that runs counter to the interests of an organization that wants victims to pay ransom demands, researchers found. Sodinokibi, which was the most common strain found in ransomware attacks last quarter, encountered technical problems in its attacks, while law enforcement entities’ takedown of Netwalker infrastructure apparently ground those operations to a halt.

A whole slew of hurdles in tackling ransomware gangs remains, however.

Average downtime following a ransomware attack grew 10% in the last quarter to 23 days, according to the report. And although hackers were relying on spearphishing as a way to launch their ransomware attacks through much of 2020, gangs are increasingly switching to exploiting Remote Desktop Protocol services and software vulnerabilities to breach victim networks, Coveware found.

Part of the challenge law enforcement officials face is keeping up with an evolving threat landscape and array of actors who utilize different techniques.

One ransomware group, known as Clop, was particularly active in the most recent quarter, for instance, Coveware found. Although Clop ransomware infections were the fourth most common last quarter, in the previous quarter attacks with Clop didn’t rank even among the top ten.

Ransomware gangs in general switched up their target set last quarter as well, and have increasingly been going after victims in the professional services industry, namely law firms, per the report.
