Grab a cup of coffee, and let's talk about something that's been making waves in the cybersecurity world: ransomware. You've probably heard about the alarming rise in ransom payments, but did you know that ransom monetization rates have actually fallen to a record low? It's a complex and evolving landscape, and we're here to break down the recent and very interesting Coveware report for you.
The New Numbers
In Q2 of 2023, only 34% of ransomware attacks resulted in the victim paying up, a record low. But don't let that fool you. The average ransom payment has skyrocketed to $740,144, a 126% increase from Q1 2023. How did we get here? Let's explore.
Understanding the Cyber Extortion Opportunity Cost Curve
Imagine a curve that charts the financial impact on the victim against the expected profit for the threat actor. This curve helps us understand different extortion strategies, from low-effort, low-impact attacks to high-cost, high-impact ones.
- Phantom Incidents: These are like those annoying spam emails: low impact and low payout. They're cheap to pull off but rarely successful.
- Database Deletion - Spray Attacks: A step above phantom incidents, these attacks wipe databases. The data is not exfiltrated, but it is often not recoverable.
- NAS Device Encryption CVE Attacks: These target weakly secured NAS devices, causing real but manageable impact.
- Data Exfiltration Attacks: Here, the threat actor steals data and extorts the victim over its public release. It's a high-stakes game.
- Encryption Ransomware: The big players. These attacks cause the highest level of impact and have the largest expected profit.
The Changing Face of Ransomware
Threat actors are adapting. Some groups like Dharma and Phobos have become dormant, while others are shifting tactics, tools, and targets. The CloP group, for example, made a staggering sum of money from the MOVEit campaign, despite a very small percentage of victims paying.
The Impact on Industries
As threat actors react to shifts in their economic opportunity costs, we're likely to see changes in industry concentrations. It's a game of cat and mouse, and the landscape is ever-changing.
Ransomware Attack Vectors
As the unit economics of cyber extortion shift, attack vectors and TTPs shift with them. Threat actors are increasingly “living off the land”, but, as demonstrated by CloP, the fields are far more fertile for some groups than for others. Here are the updated attack vector numbers:
The upshot
The world of ransomware is complex and ever-evolving. While monetization rates are falling, the stakes are rising, with higher ransom payments and more sophisticated attacks. It's a reminder that investing in security, continuity assets, and security awareness training is more crucial than ever. The full blog post at Coveware is recommended reading.
Let's stay safe out there. Train those users, because the #1 ransomware attack vector is... phishing.