Average ransom amount rises due to more advanced ransomware variants
The average ransom demanded in ransomware attacks is rising. Hackers are asking almost half as much again as a few months ago. The increase seems to be mainly due to the emergence of more advanced ransomware such as Ryuk.
Security company Coveware reports this in a quarterly report. The average ransom demanded in the past quarter was USD 12,762, or about EUR 11,300. In the previous quarter, that amount was still USD 6,733, or almost EUR 6,000.
Ransomware attacks are becoming more targeted, the researchers say. Attackers are more likely to use vulnerabilities in the Remote Desktop Protocol (RDP) to attack businesses, rather than general phishing attacks. Attackers often first explore a system through RDP attacks so that they know how to strike most effectively.
The ‘price increase’ is largely caused by the rise of the Ryuk ransomware. According to experts, it is better suited to carrying out more specific attacks and to dealing more damage. For example, Ryuk can disable System Restore so that users cannot fall back to a restore point. This makes it easier for attackers to demand a large ransom. The Coveware researchers saw ransoms that in some cases amounted to as much as 250,000 euros.
According to the researchers, it is common for companies to get their files back when they pay. As a result, ransomware attacks remain effective, and that encourages criminals to carry out more targeted attacks. With new ransomware variants such as GandCrab, according to the researchers, there is an ‘almost one hundred percent chance’ that a company will get its data back after payment.
The researchers also found that ransomware mainly affects medium-sized companies with just over 100 employees. This mainly concerns office environments and small health institutions. In addition to RDP attacks, spear phishing campaigns also remain an effective method of infection.