Ransomware generates big money for the groups behind it, with new research confirming (some) of the scale of the problem. Chainalysis, a blockchain research firm, looked at data from monitored cryptocurrency wallets, concluding that around $449 million has been taken from victims in the last six months.
As The Record correctly notes, the actual figure will likely be significantly higher because only monitored wallets are included in the study. In terms of what’s going on out there, payments under $1,000 and above $100,000 are both on the up. It’s claimed that ransomware groups could pull in around $900 million in 2023, with the return of “big game hunting” being one of the key factors for the bump.
What is big game hunting? Well, this is the practice of targeting large, financially well-off corporations in order to secure the biggest possible payouts. Even with the increase in attacks on smaller companies, taking on the big entities is where the most enticing payouts are waiting to be had.
As an example of payout sizes, BlackBasta’s 2023 average payment size is $762,634 and its median is $147,106. Cl0p checks in with a $1,730,486 average and a $1,946,335 median. At the other end of the scale the smaller, less sophisticated deployments such as Phobos creep into view with a $1,719 average and a $300 median.
No matter the size of the payment, they are ultimately securing said payments and continuing to make bank. It’s also suspected that as more firms refuse to pay their extortionists, so too are the ransomware authors responding by increasing their ransom demands. The research also notes that additional tactics are being used in cases of non payment to up the ante further. Threats to leak data, sell it online, break other parts of the business, attack related firms, or even harass employees are all tactics ransomware authors can make use of.
It’s not all doom and gloom where cryptocurrency payments are concerned. With the notable exception of ransomware, cryptocurrency crime across 2023 is in “sharp decline”. Cryptocurrency businesses are getting a handle on scams, users new and old are learning about how to protect their investments, and law enforcement pressure on cryptocurrency fraud is likely having an impact.
Back in the realm of ransomware, things aren’t perhaps quite as good with some of the big hitters from our June ransomware review serving up exploits, dubious “charity donation” requests, and an increase in attacks on education.
Elsewhere, we have students being used to apply pressure to impacted organisations and relentless attacks on schools. It would be unwise to think the scale of ransomware’s day to day impact is in any danger of dropping off anytime soon.
How to avoid ransomware
- Block common forms of entry. Create a plan for patching vulnerabilities in internet-facing systems quickly; disable or harden remote access like RDP and VPNs; use endpoint security software that can detect exploits and malware used to deliver ransomware.
- Detect intrusions. Make it harder for intruders to operate inside your organization by segmenting networks and assigning access rights prudently. Use EDR or MDR to detect unusual activity before an attack occurs.
- Stop malicious encryption. Deploy Endpoint Detection and Response software like Malwarebytes EDR that uses multiple different detection techniques to identify ransomware, and ransomware rollback to restore damaged system files.
- Create offsite, offline backups. Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly.
- Don’t get attacked twice. Once you’ve isolated the outbreak and stopped the first attack, you must remove every trace of the attackers, their malware, their tools, and their methods of entry, to avoid being attacked again.
Malwarebytes EDR and MDR removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.