Ryuk and Sodinokibi Surge as Ransom Payments Double
2020-01-28 12:18

Attackers using Ryuk and Sodinokibi - aka REvil - are increasingly "focusing their attacks on large companies where they can attempt to extort the organization for a seven-figure payout," it says, noting that the average Ryuk ransom payment last quarter was $780,000.

One commonality across all types of tools is that attackers overwhelmingly continue to demand ransom payments in bitcoins.

When victims paid attackers for the promise of decryption in Q4 2019, 98 percent received a working decryption tool, Coveware reports, noting that attackers wielding Phobos, Rapid and Mr. Dec ransomware strains "are known to consistently default after being paid." Organizations that received a decryption tool recovered 97 percent of their data overall and lost 3 percent, Coveware reports, noting that Ryuk and Sodinokibi ransomware tend to encrypt - and thus can decrypt - data more reliably.

Coveware's research comes with a caveat: It's based on the firms that it has helped deal with ransomware infections, including sometimes negotiating with attackers to try and reduce their ransom demand.

If Sodinokibi attackers hit a single system, their average ransom demand was $48,000.


News URL

https://www.inforisktoday.com/ryuk-sodinokibi-surge-as-ransom-payments-double-a-13654