Ransomware: Gangs are shifting targets and upping their ransom demands

Ransomware attacks continue to grow, according to data from IBM, which also suggests that ransomware gangs are upping their ransomware demands and getting more sophisticated about how they calculate the ransom they try to extort.

The number of ransomware attacks IBM’s Security X-Force Incident Response team were called in to deal with tripled in the second quarter of this year compared to the previous quarter, and accounted for a third of all security incidents it responded to between April and June 2020. “Ransomware incidents appeared to explode in June 2020,” said a report by the company’s security analysts

June alone saw one-third of all the ransomware attacks the IBM team has remediated so far this year. The report said ransom demands are increasing rapidly, with some reaching as high as $40 million. It revealed that Sodinokibi ransomware attacks account for one in three ransomware incidents IBM Security X-Force has responded to so far in 2020.

SEE: Security Awareness and Training policy (TechRepublic Premium)

IBM said it has observed a general shift in ransomware attacks. Ransomware hits manufacturing companies hardest, it said, and that these account for nearly a quarter of all the incidents responded to this year, followed by the professional services sector and then government.

“Attacks on these three industries suggest that ransomware threat actors are seeking out victims with a low tolerance for downtime, such as manufacturing networks. Organizations that require high uptime can lose millions of dollars each day due to a halt in operations. Therefore, they may be more likely to pay a ransom to regain access to data and resume operations,” IBM said.

IBM said there is also a shift to blended extortion-and-ransomware attacks – where gangs steal a copy of sensitive company information before encrypting it. If victims look like they won’t pay up for the decryption key, the attackers will increase the pressure by threatening to release the stolen data too.

With attackers actually stealing company data, ransomware attacks are also becoming data breaches, which for some companies, depending on where they are, can bring additional risk of fines from regulators. Indeed, in some cases IBM said attackers were thought to name their ransom according to the regulatory fines organizations would have to pay.

The ransomware strain IBM Security X-Force has seen most frequently in 2020 is Sodinokibi. IBM calculates that Sodinokibi has claimed at least 140 victim organizations since its emergence in April 2019. It estimates more than one in three Sodinokibi victims have paid the ransom, and 12% of victims have had their sensitive data sold in an auction on the dark web. In these auctions, prices for data range from $5,000 to over $20 million.

SEE: GandCrab ransomware distributor arrested in Belarus

“Our research also indicates Sodinokibi attackers consider a victim organization’s annual revenue when determining a ransom request, with known requests ranging from 0.08% to 9.1% of the victim company’s yearly revenue,” IBM said.  

“The group appears to tailor its requested ransom amount to a victim organization, with the highest Sodinokibi requested known ransom amount being $42 million and the lowest around $1,500. Our conservative estimate for Sodinokibi ransomware profits in 2020 is at least $81 million.”

Source link

Recent articles

Snail mail: US elex ballots mailed now may not arrive in time | US & Canada News

Voting advocates are warning that ballots mailed in now may not arrive in time to be counted and should be dropped off at...

Microsoft Is Releasing An Official Mandalorian Controller

Releasing on December 31, the Mandalorian wireless Xbox One controller is coupled with a charging stand and retails for $160. It's not made...

Jona Frank: Between Reality and Fantasy

“In each project I am asking the same questions — about becoming and identity and how we find ourselves,” said Jona Frank, a...

Norwegian converts more debt into equity | News

Scandinavian budget carrier Norwegian has converted another SKr231 million ($26 million) of debt into equity by issuing 56.3 million new shares. The airline says in a...

Dunkin’ Brands Considers Sale to Private Equity

This Nov. 17 and 18, DealBook is holding our first Online Summit. Join us as we welcome the most consequential newsmakers in business,...

PHOTO: Baby White Rhino Makes His Debut at Disney’s Animal Kingdom!

Disney’s Animal Kingdom is welcoming all sorts of lovable...

Leave a reply

Please enter your comment!
Please enter your name here