Coveware’s Q1 Crypto Ransom Report: Payouts Up 90% Due to Ryuk Targeting Larger Companies

Though there are plenty of ways to earn money through the right trades and investments in cryptocurrency, there are some bad players that still want to cheat to win big.

Unfortunately for honest investors, ransomware attacks appear to have been quite lucrative for these fraudsters, bringing in a shocking amount of profit. According to startup Coveware, which helps to manage ransomware for small companies, the average ransom for Bitcoin has boosted by 90% in this quarter alone.

Much of the credit for this increase is being given to the Ryuk ransomware that came in, targeting big companies with extraordinarily little tolerance for downtime activity. One the attackers come after the company, it can take about a week for the ransomware attack to be over, costing companies an average of $64,645.

However, the amount of downtime for the company depends on how difficult decryption is, which is why Ryuk has been one of the main types used.

These hackers steal access to computers and networks, ordering ransom to be paid before relinquishing access to the company again. While there are some hackers that never follow through on the latter part of this deal, it appears that the average payout from these victims is $286,557 with the hopes of seeing a follow-through. At this point, it looks like the victims are at least getting 93% of their data back.

The increase, according to The Next Web’s Hard Fork, appears to be due to more expensive infections. At this point, Bitcoin is still the ransomware “payment of choice” for about 98% of attacks. In data collected by Coveware, Ryuk appears to be exclusively responsible for the jump.

The CEO and co-founder of Coveware said that this ransomware is “just one of dozens of types” that is pulling funds from companies this quarter.

The ransoms, he says, are significantly higher than the other companies, even though the last report from the company did not even feature it in their top three ransomwares in the quarter before.

Typically, the vectors used by attackers can be broken down into three main methods – finding a vulnerability in the software, email phishing, and Remote Desktop Protocols (RDPs).

Coveware expressed that phishing-based attacks are the most likely one to start increasing, considering how much easier it is to hack with the credentials available.

The different attack vectors are important to consider, because they show the sophistication of the attackers that come after these companies. While Dharma is primarily a fan of using RDP ports to expose a company, Ryuk’s path deals more in targeted email phishing, which is a testament to the desire of these attackers to go after bigger companies.

For this kind of attack to work, the attackers need to be involved with more social engineering with their technique. However, interestingly, the only one of the types of ransomware to use the vulnerabilities in software is GandCrab.

The Coveware evaluation reviews a substantial amount of information regarding the ransomware that weakens and attacks companies, adding that the average size of the company is 114 employees, as opposed to about 71 employees.

This shows that the bad actors are getting bolder and going after bigger rewards as they gain more success.

To view the full report from Coveware, visit https://www.coveware.com/blog/2019/4/15/ransom-amounts-rise-90-in-q1-as-ryuk-ransomware-increases.