Ransom Demands Continue to Increase
The Coveware Quarterly Ransomware Report for Q3 2020 shows that the average ransom payment has risen in each of the last eight quarters, with the quarter-on-quarter growth accelerating from Q3 2019 onward. Payments rose again in Q3 2020: the average payment climbed 31% from Q2 2020 to $233,817, while the median payment grew by a comparatively modest $1,935 to $110,532. The average pulling away from the median points to a growing number of very large payments, consistent with ransomware groups increasingly targeting large enterprises, where the potential payout is far higher.
Q3 of 2020’s Largest Ransomware Threats
The most active ransomware families in Q3 2020 were Maze, Sodinokibi, Netwalker, DoppelPaymer and Phobos. Sodinokibi led with 16.2% of attacks, followed by Maze with 13.6%. Maze attack volume peaked in Q3, but its operators have since wound the operation down, and most of the affiliates who distributed it have moved to the Egregor and Sekhmet ransomware-as-a-service operations. Attacks using those two variants rose in Q3 and are likely to keep growing in Q4.
Primary Ransomware Attack Vectors
The attack vectors used to deliver ransomware have changed little over the last few quarters. Attacks on exposed RDP endpoints remain the most common, accounting for over 50% of infections, and the most prolific groups, Sodinokibi and Maze (now Sekhmet/Egregor), favor this route. Nearly 30% of attacks began with a phishing email, a share that has been rising since Q4 2019. Fewer than 10% of attacks started with the exploitation of a software vulnerability or another type of compromise.
There are worrying signs that the supply of stolen RDP credentials now exceeds demand, so their price on criminal markets is falling. Cheaper credentials put this vector within reach of less technically sophisticated gangs, who may choose it for exactly that reason. Coveware warns that RDP is the cheapest way to compromise a company, and the importance of properly securing RDP connections cannot be overstated.
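The two RDP scenarios above (password guessing against an exposed host, and a purchased valid credential used from the internet) leave different traces in the Windows Security log: a burst of 4625 failures from one source, versus a single clean 4624 with logon type 10 (RemoteInteractive) from a public address. The script below is an added example, not from Coveware or the report; it runs three simple rules over a constructed CSV export of those events. The CSV column names, the five-failure/five-minute threshold and the list of internal networks are assumptions for the example, and the source IPs are RFC 5737 documentation addresses.

```python
"""Flag risky RDP logons in a Windows Security event export.

Event 4624 = successful logon, 4625 = failed logon; logon type 10 is
RemoteInteractive, i.e. RDP.  The input is a small constructed CSV
export (not a real log); the column names are an assumed export format.
"""
import csv
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta
from io import StringIO

# Constructed sample export: time,event_id,logon_type,account,source_ip
SAMPLE_EVENTS = """\
time,event_id,logon_type,account,source_ip
2020-10-05T02:11:03,4625,10,administrator,203.0.113.45
2020-10-05T02:11:05,4625,10,administrator,203.0.113.45
2020-10-05T02:11:07,4625,10,admin,203.0.113.45
2020-10-05T02:11:09,4625,10,backup,203.0.113.45
2020-10-05T02:11:11,4625,10,jsmith,203.0.113.45
2020-10-05T02:11:13,4625,10,jsmith,203.0.113.45
2020-10-05T02:11:40,4624,10,jsmith,203.0.113.45
2020-10-05T08:30:00,4624,10,jsmith,10.20.0.15
2020-10-05T09:02:00,4624,3,svc_backup,10.20.0.9
2020-10-05T09:15:00,4625,10,mlee,10.20.0.33
2020-10-05T22:47:19,4624,10,finance01,198.51.100.7
"""

RDP_LOGON_TYPE = "10"

# Assumed set of "internal" ranges; anything else is treated as the public internet.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)]


def parse_events(text):
    """Parse the CSV export into dicts, converting 'time' to a datetime."""
    events = []
    for row in csv.DictReader(StringIO(text)):
        row["time"] = datetime.fromisoformat(row["time"])
        events.append(row)
    return events


def is_external(ip):
    """True if the address is outside every network in INTERNAL_NETS."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def detect_rdp_findings(events, fail_threshold=5, window=timedelta(minutes=5)):
    """Return (finding, account, source_ip) tuples for RDP-related events.

    brute_force            : >= fail_threshold failed RDP logons from one IP within `window`
    success_after_failures : a successful RDP logon from an IP already flagged as brute-forcing
    external_success       : a successful RDP logon from a public address (RDP reachable from
                             the internet, or a stolen credential used without any failures)
    """
    findings = []
    rdp = sorted((e for e in events if e["logon_type"] == RDP_LOGON_TYPE),
                 key=lambda e: e["time"])

    fails = defaultdict(list)      # source_ip -> failure timestamps inside the window
    flagged_bruteforce = set()
    for e in rdp:
        ip = e["source_ip"]
        if e["event_id"] == "4625":
            fails[ip].append(e["time"])
            # drop failures that have aged out of the sliding window
            fails[ip] = [t for t in fails[ip] if e["time"] - t <= window]
            if len(fails[ip]) >= fail_threshold and ip not in flagged_bruteforce:
                flagged_bruteforce.add(ip)
                findings.append(("brute_force", "*", ip))
        elif e["event_id"] == "4624":
            if ip in flagged_bruteforce:
                findings.append(("success_after_failures", e["account"], ip))
            if is_external(ip):
                findings.append(("external_success", e["account"], ip))
    return findings


if __name__ == "__main__":
    for finding in detect_rdp_findings(parse_events(SAMPLE_EVENTS)):
        print(finding)
```

On the sample data the script reports the password-guessing run from 203.0.113.45, the successful logon as jsmith that follows it, and two RDP logons straight from public addresses. The last rule is the one that matters for bought credentials: a valid password produces no 4625 noise at all, so the only signal is that RDP was reachable from the internet in the first place. The cheaper fix than any detection is to not expose port 3389 directly and to require MFA or a VPN/bastion in front of it, at which point any external_success finding is itself an incident.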