Re-Extortion by Ransomware - An Increasing Trend
With businesses paying increasingly large ransoms, attackers altered the dynamics of ransomware attacks in the third quarter of 2020. According to Coveware researchers, the average ransom payment by victims has increased. In addition, victims are increasingly being re-extorted even after paying a ransom.
No guarantee against doxxing
According to the report, even after paying the ransom, victims are being re-extorted just weeks after they paid, with further threats to post the same dataset.
- Several ransomware groups, including Sodinokibi, Maze, Netwalker, Mespinoza, and Conti, were seen publicly doxxing victims even after a ransom payment.
- The top ransomware groups (by market share) include Sodinokibi/REvil (16.2% market share), followed by Maze, coded into the Sekhmet and Egregor ransomware variants (13.6%), Netwalker (9.9%), and Conti (4.0%).
- Big-game payments continue to drag the average up, from $108,597 in Q2 to $110,532 in Q3 of 2020, which is around a 31% hike.
- The main attack vector behind recent ransomware attacks is the repeated exploitation of improperly secured RDP, as it is one of the most cost-effective targets for ransomware threat actors.
Recent ransomware attacks
In recent times, ransomware attacks have become qualitatively worse as hackers have become more organized and targeted in their campaigns, using malicious tools that are easy to obtain and deploy.
- In October, REvil threat actors launched ransomware attacks against Gaming Partners International and Hanover Chamber of Crafts and demanded a huge ransom.
- Similarly, NetWalker ransomware operators targeted CMC in Ravenna and Enel Group and demanded a large ransom, to be paid in Bitcoin, for the victims to regain control of their data and network.
Cyber extortion has become an increasingly prominent threat, with several organizations being publicly doxxed even after paying attackers the demanded ransom. Furthermore, ransomware operators are expected to continue refining their strategies, using more sophisticated tools and techniques to sharpen their attacks further.