In the first quarter of this year, 77% of ransomware attacks included a threat to publish stolen data, up 10% compared to the last quarter of 2020, says a report from Coveware, a ransomware response firm. It says the majority of ransomware attacks in the first quarter also involved theft of corporate data, continuing a trend of ransomware actors increasingly relying on exfiltration and extortion demands.
Coveware found that, so far this year, fewer victims were paying ransom demands. But with extortion attempts on the rise, victims may feel tempted to pay up, even if they are better off avoiding the exchange of currency entirely.
“Over hundreds of cases, we have yet to encounter an example where paying a cyber criminal to suppress stolen data helped the victim mitigate liability or avoid business or brand damage,” the report said. “On the contrary, paying creates a false sense of security, unintended consequences and future liabilities.”
Law enforcement officials have highlighted that some ransomware groups appeared to encounter problems in their attack campaigns and in running a “criminal enterprise at scale” in the first quarter. The report gave the example of the Conti group attacking victims it had already targeted, a move that runs counter to the interests of an organization that wants victims to pay ransom demands. “Sodinokibi, which was the most common strain found in ransomware attacks last quarter, encountered technical problems in their attacks, while law enforcement entities’ takedown of Netwalker infrastructure apparently ground those operations to a halt,” it said. Clop, a ransomware group, has been particularly active in the most recent quarter: it was the fourth most common last quarter, whereas in the previous quarter attacks with Clop did not rank even among the top 10.
Coveware found that the average downtime following a ransomware attack grew 10% in the last quarter to 23 days. “Although hackers were relying on spearphishing as a way to launch their ransomware attacks through much of 2020, gangs are increasingly switching to exploiting vulnerabilities in Remote Desktop protocol services and software vulnerabilities, to breach victim networks,” it said.