The average ransomware payment increased by a whopping 104 percent in the fourth quarter of 2019, spiking to $84,116 from $41,198 in Q3, according to a report from Coveware, a security vendor.
Ransomware, also known as cyber extortion, involves the use of malicious software designed to block access to a computer system until a sum of money is paid. The 4Q increase reflects the diversity of the cyber criminals attacking companies.
Some ransomware variants are focusing on large companies where they can attempt to extort the organizations for seven-figure payouts. Small businesses, on the other hand, are bombarded with ransomware variants with demands as low as $1,500.
The total cost of a ransomware attack depends on its severity and duration and includes the costs of the ransom payment (if one is made), as well as remediation costs, lost revenue, and potential brand damage.
In Q4, ransomware actors also began exfiltrating data from victims and threatening to release it. In addition to remediation and containment costs, this complication adds to the potential costs of third-party claims.
Other key takeaways from the report include:
- 98 percent of companies that paid the ransom received a working decryption tool in Q4 2019, unchanged from Q3.
- Victims who paid for a decryptor successfully decrypted 97 percent of their data, a slight increase from Q3.
- Average downtime increased to 16.2 days, from 12.1 days in Q3 of 2019. The was driven by a higher prevalence of attacks against larger enterprises, which often spend weeks fixing their systems.
- Cyber criminals demand Bitcoin almost exclusively now in all forms of cyber extortion because it’s easier to swap extortion proceeds into a privacy coin after they collect, than to require a victim to purchase a less liquid type of digital currency.
- Less sophisticated and well-financed attackers will target small companies with small IT budgets.
- Public sector organizations continued to account for a high percentage of ransomware attacks in Q4. The attacks are expected to continue until these organizations are able to increase their security budgets.