With average payments rising to over $220K, organizations scramble to stop ransomware attacks as gangs begin taking more advantage of software vulnerabilities as their attack vector.
If there were stock in ransomware companies, someone would be making a fortune. The latest data from ransomware incident response company Coveware shows the folks in the ransomware business are making more money and are getting better at their craft. In their Q1 2021 Quarterly Ransomware Report, the security researchers at Coveware provide a great glimpse into the current state of the attack:
- The average ransom is $220,298, up 43% from Q4
- 77% of ransomware attack now include the threat to leak exfiltrated data, up 10% from Q4
- The average number of downtime days is 23, up 10% from Q4
- Software vulnerabilities top the list of initial attack vectors in small and mid-sized businesses
What’s fascinating is RDP (Remote Desktop Protocol) still maintains a healthy dominance as the initial attack vector in enterprise organizations, and phishing remains a huge problem for every size organization up to 100K employees.
From Coveware’s data, it’s evident that organizations need to take patching, vulnerability scanning, and overall vulnerability management seriously (the bad guys are!), as well as have Security Awareness Training in place to address the use of phishing as a primary ransomware attack vector.