The Rising Ransomware Payments In Q1 2019 Caused by 'Ryuk' Targeting Large Organizations

Ransomware is a type of malicious software from cryptovirology that threatens to publish victim's data, or to block victim's access to his/her system unless a ransom is paid.

While some simple ransomware may lock a system in a way which is not difficult for a knowledgeable person to reverse, advanced malware uses encryption to make victim's files inaccessible.

This kind of attack has caused numerous troubles. For example, in 2018, a town in Alaska was forced to use typewriters for a week after the BitPaymer Ransomware crippled the Borough's government networks.

Then there was the CryptoLocker, which is regarded as the first true ransomware, and believed to successfully extorted a total of around $3 million from victims, and the Petya ransomware that caused havoc to banks and airports worldwide.

According to ransomware support firm Coveware’s report, cryptocurrency payments made to ransomware attackers have increased by more than 90 percent from $6,733 in Q4 2018 to $12,762 Q1 2019.

Ransomware 2019
[block:block=86]

While ransomware attacks remain relatively stable, with most varieties declining. However, it appears that one particular kind is gaining a rapid pace.

According to the report, this increase was caused by expensive infections from a ransomware called Ryuk, believed to be single-handedly responsible for the dramatic increase of ransomware in 2019.

On average, Ryuk demands around $288,000 per attack. This is significant as attackers using other types of malware generally demand less than $10,000 per attack. This is because Ryuk targeted larger organizations that have the financial capacity to pay larger demands and a lower tolerance for downtime.

According to the CEO and co-founder of Coveware:

"Ryuk is just one of dozens of types of Ransomware observed impacting companies during the quarter."

"Ryuk ransoms are much higher than others, [it] was not even close to being in the top 3 in our last report (Q4), so its increase in market share and corresponding high average ransoms pulled the average up."

Ransomware 2019
Ransomware 2019

What ransomware like Ryuk does, is encrypting victim's hard drive, and locking the system until the victim contacts the hackers and pay the ransom in the form of Bitcoin.

Ryuk‘s share is at 18 percent, putting it in third place behind GrandCrab and Dharma, with 20 percent and 27.8 percent respectively.

The financial costs associated with ransomware attacks extend far beyond the cost of data recovery. The report states that businesses lose an average of 7.3 work days to attacks, and an estimated $64,645 in additional downtime related costs.

According to Coveware, the industries that are commonly targeted include professional services, such as law firms and CPA firms. Small healthcare organizations, such as local specialist offices, are also often targeted because they tend to under-invest in IT security and backup policies, and have a low tolerance for data loss.

"Ryuk relied much more on targeted email phishing, which reflects the threat actors preference to go after larger organizations," explained Coveware. "These more targeted attacks require more social engineering via spear and whale phishing techniques."

In 2018, cybersecurity firms tracked a series of Ryuk attacks, which collected over 705 Bitcoins in just five months. At the time, that's an equivalent of $3.7 million.

To come to this report, Coveware compiled anonymized data gathered by its Incident Response Team to collect the data.

What this means, the findings are indicative only of those that contacted Coveware for help, and it's unlike a survey which relies on sentiments.