Not only is the frequency of ransomware attacks skyrocketing, attackers are targeting larger organizations and demanding higher ransom payments.
Specialist insurer Beazley released its Beazley Breach Insights report for May last week, finding that ransomware attack notifications against clients increased 105% in the first quarter of 2019 compared to one year earlier.
There was also a 93% increase in the average ransom demanded or paid in Q1 2019 (US$224,871) compared to the 2018 average of US$116,324. Incident response firm Coveware added the average price of ransoms in Q1 2019 increased by 89% as compared to Q4 2018, Beazley said in the breach insights report.
Bill Siegel, CEO of Coveware, attributes the increased number of attacks to two main factors. “First, anytime the average ransom demand goes up, its going to pull in more attack groups interested in making money,” he said. “Second, the easy availability of exploit kits (such as banking Trojans) and [ransomware as a service] means there is a lower barrier to entry for would-be hackers.”
While attacks using ransomware as a service remain commonplace (tending to hit unsuspecting small businesses), more sophisticated variants are being deployed through phishing emails and tricking users into activating banking Trojans, the insurer said.