Trends in Security Information
The HSD Trendmonitor is designed to provide access to relevant content on various subjects in the safety and security domain, to identify relevant developments and to connect knowledge and organisations. The safety and security domain encompasses a vast number of subjects. Four relevant taxonomies (type of threat or opportunity, victim, source of threat and domain of application) have been constructed in order to visualize all of these subjects. The taxonomies and related category descriptions have been carefully composed according to other taxonomies, European and international standards and our own expertise.
In order to identify safety- and security-related trends, relevant reports and HSD news articles are continuously scanned, analysed and classified by hand according to the four taxonomies. This results in a wide array of observations, which we call ‘Trend Snippets’. Multiple Trend Snippets combined can provide insights into safety and security trends. The size of the circles shows the relative weight of the topic; the filters can be used to further select the most relevant content for you. If you have an addition, question or remark, drop us a line at info@securitydelta.nl.
Ransoms rise as attacks increase
It’s hard to believe that just two years ago, Sophos analysts marveled at the $6 million haul brought in by the operators of the ransomware known as SamSam. In an attack Sophos responded to in 2020, the ransomware operators opened their negotiations at a dollar amount of more than twice what the SamSam gang earned in 32 months of operation. Ransomware now comes in weight classes: heavyweights that attack large enterprise networks, welterweights that target civil society (public safety and local government) and small-to-medium businesses, and featherweights that target individual computers and home users. While earning the dubious distinction of being the heaviest heavyweight sounds impressive, it isn’t fair to compare high ransom demands to those that originate from the lower end of the ransomware spectrum.
Sophos has a dedicated team that investigates, and often works with the targets of, ransomware attacks. The team can forensically reconstruct the events of an attack after the fact, and sometimes disrupt attacks while they’re still in progress. The Sophos Rapid Response team gets involved in cases when there’s a chance to stop or limit the harm, but sometimes the attack happens so fast that there’s nothing it can do, and the target must then decide whether or not to pay the ransom, at which point Sophos is no longer involved.
That’s where companies like Coveware come in. The company represents ransomware targets as a high-stakes negotiator with their attackers. Coveware’s CTO Alex Holdtman confirmed our suspicion that ransomware heavyweights are the primary driving factor in the demand for sky-high ransoms.
In just the past quarter, the average ransom payout has risen by 21%, but Coveware believes the averages can be skewed by just one or two very large ransom attacks. The average ransom payout in the just-completed quarter is now the equivalent of $233,817.30, payable in cryptocurrency. A year ago, the average payout was $84,116.
Ransomware threat actors understand how expensive downtime can be, and have been testing the upper limit of what they can extract in a ransom attack. Several ransomware families have taken up extortion as a side-hustle to help close the deal. As mentioned earlier in our report, groups such as Netwalker and others are using this tactic. That way, even if the target of the attack has perfectly recoverable backups of their data, they may still be forced to pay in the hopes the ransomware criminals don’t publish their internal information to the world. At the lower end of the ransomware spectrum, demands have been increasing, but Holdtman says they’re nowhere near the big fish. There are a lot of small businesses and individuals that get hit, but for them the ransom demands have remained relatively flat.