Corporate ransomware payment amounts rose sharply in the first quarter of this year, with a wave of coronavirus-related attacks and other peripherally-related cases because of complexities with shifting to remote work for many people, according to a Coveware blog post.
The average ransomware payment, according to Coveware, a cybersecurity company, hit $111,605, a 33 percent jump from Q4 2019.
Attacks typically targeted larger businesses that could afford to pay those kinds of sums, and the attacks tended to be successful more often. Payments of that size weren’t the majority — the median was more around $44,000 — but the few large payments did increase the overall average.
Sodinokibi was the top type of ransomware on the market with 26.7 percent of the total showing. Close behind was Ryuk with 19.6 percent, and then Phobos with 7.8 percent.
Mamba, a combo of a boot-locker program and full-disk encryption, shot up sharply this quarter, sitting at 4.8 percent now, an increase of 4 points overall.
The top industries targeted by ransomware were professional services with 18.1 percent, healthcare with 13.8 percent and the public sector with 12 percent. Professional services firms include law firms, IT managed service providers and CPA firms.
The increase in attacks on the public sector could have had to do with the coronavirus pandemic. Public sectors like schools (which were almost 50 percent of that category targeted by attacks) can sometimes be vulnerable to ransomware attacks over the summer while school is out. But because of the rapid school closings and moves to online classes due to the virus, the schools left themselves open to attacks.
One common method of ransomware is data exfiltration, in which data downloaded from victims’ computers is threatened to be released publicly. That method was more popular in the first quarter than it was before — previously, data exfiltration was almost never used at all.
Despite the focus on larger businesses, ransomware is mainly a problem for smaller businesses. According to stats from Coveware, the average companies targeted by ransomware have fewer than 1,000 employees.