More ransomware victims are paying up, even when data recovery is possible

(Image credit: Shutterstock / binarydesign)

The proportion of ransomware attack victims actually paying ransoms increased in the last quarter, even in instances where ransomed data could be recovered, new figures have revealed.

According to ransomware recovery service Coveware, data exfiltration attacks are becoming more common and blending with traditional ransomware hacks. Data exfiltration extortion involves an attacker taking possession of stolen data and putting it up for sale on forums or marketplaces. Once monetized, the hacker asks the victim to pay a ransom to prevent the information’s release. 

Coveware added that tools currently on the market vary wildly when it comes to data recovery success following a ransomware attack. What’s more, the company has noted an uptick in the number of companies experiencing operating system and registry corruption even after ransomed data is restored. 

Ransomware payments

Besides finding that more companies are being driven to pay off their attackers, Coveware uncovered several other significant ransomware industry transformations. 

Most notably, the average size, along with frequency, of ransomware payments has increased, and we’re not talking about incremental growth. If Coveware’s reporting is accurate, the average payment amount now stands at over $170,000, more than 60% higher than the figure reported in Coveware’s 2020 Q1 ransomware research summary.

The report’s authors attribute this striking change to the evolution of ransomware tactics and the popularity of new ransomware software variants. These enable attackers to profile targets and tailor their demands to the financial resources of each victim.

Although the average payment amount has gone up, Coveware actually believes one of the key recent developments in the ransomware industry to be the arrival of attackers who don’t typically request a high ransom from victims. Namely, operators using cheap or free ransomware-as-a-service (RaaS) hacking tools. These attackers typically charge lower ransom amounts because they target smaller businesses that lack the resources to adequately defend their data.