Re-Extortion by Ransomware - An Increasing Trend

With businesses paying increasingly larger ransoms, attackers have altered the dynamics of ransomware attacks in the third quarter of 2020. According to Coveware researchers, there has been an increase in the average ransom payment by victims. In addition, there is an increasing trend of re-extortion of the victims even after a ransom payment.

No guarantee against doxxing

According to the report, even after paying the ransom, victims are being re-extorted just weeks after they had paid, with more threats to post the same dataset.
  • Several ransomware groups, including Sodinokibi, Maze, Netwalker, Mespinoza, and Conti were seen publicly doxxing victims even after a ransom payment.
  • The top ransomware groups (by market share) include Sodinokibi/REvil (having 16.2% market share), followed by Maze, coded into the Sekhmet and Egregor ransomware variants (13.6%), Netwalker (9.9%), and Conti (4.0%).
  • Big game payments continue to drag the averages up from an average of $108,597 in Q2 to $110,532 in Q3 of 2020, which is around a 31% hike.
  • The main attack vector behind recent ransomware attacks is the repetitive exploitation of improperly secured RDP as it is one of the most cost-effective targets for ransomware threat actors to exploit.

Recent ransomware attacks

In recent times, ransomware attacks have become qualitatively worse as hackers have become more organized and targeted in their campaigns, with easy to obtain and deploy malicious tools.

Grim outlook

Cyber extortion has increasingly become a prominent threat, with several organizations being publicly doxxed even after paying attackers the demanded ransom. Furthermore, it is expected that ransomware operators will continue to refine their strategies using more sophisticated tools and techniques to sharpen their attacks further.