Security News > 2021 > April > Q1 2021 ransomware trends: Most attacks involved threat to leak stolen data

The vast majority of ransomware attacks now include the theft of corporate data, Coveware says, but victims of data exfiltration extortion have very little to gain by paying a cyber criminal.

The data may be published before a victim can respond to an extortion attempt, and the threat actors may not provide complete records of what was taken even if the victim pays up.

"Over hundreds of cases, we have yet to encounter an example where paying a cyber criminal to suppress stolen data helped the victim mitigate liability or avoid business / brand damage. On the contrary, paying creates a false sense of security, unintended consequences and future liabilities."

The incident response firm has compiled a report of ransomware incident response trends during Q1 of 2021, and this is what they have found that the average ransom payment has reached $220,298, which is an increase of 43% when compared with that in Q4 2020.

Small businesses still disproportionately affected by ransomware attacks.

"The most common software vulnerabilities exploited during Q1 involved VPN appliances, such at Fortinet and Pulse Secure. Several RaaS services leveraged these VPN vulnerabilities during Q1. Again, it is likely that the actual RaaS operators and affiliates were NOT the party that achieved network access via these vulnerabilities, but rather specialist actors that harvest network credentials and are specifically trained to mass scan for vulnerable IP addresses. These specialists then resell network access to ransomware affiliates who use the access to stage the extortion phase of the attack," Coveware researchers noted.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/WTpyxNwPldQ/