The cost of ransomware is 7 times higher than the ransom

Check Point Research (CPR) is sharing new information on the ransomware economy after further analyzing Conti Group leaks and the various data sets associated with ransomware victims.

The ransom is a small fraction of the actual cost to the victim of a ransomware attack: CPR estimates that the total cost is 7 times higher. Cybercriminals demand an amount tied to the victim's annual income, ranging between 0.7% and 5% of it.


The duration of a ransomware attack was significantly reduced in 2021, from 15 days to 9. CPR also noted that ransomware groups have clear ground rules for successful dealings with victims, which affect the negotiation process and its dynamics.

CPR analyzed two sets of data to explore both sides of a ransomware attack: that of the victims and that of the cybercriminals.

CPR also shares ransomware numbers by region for the first quarter of 2022, compared with the first quarter of 2021.

Check Point Research (CPR) analyzed two sets of data to obtain new information on the ransomware economy, estimating that the collateral cost of ransomware to victims is 7 times greater than the ransom paid.

The first data set was the Kovrr Cyber Incident Database, which contains the latest information on cyber incidents and their financial implications.

The second data set was the Conti group leaks. CPR aimed to investigate both sides of a ransomware attack: the victims and the cybercriminals.

Key Findings

Collateral costs. The ransom is a small part of the cost to the victim of a ransomware attack. CPR estimates that the total cost of the attack is 7 times higher than what the victim pays to the cybercriminals; the rest consists of response and rehabilitation costs, court fees and surveillance costs.
Final sum. The final ransom amount depends on the victim's annual income and ranges between 0.7% and 5% of it. The higher the victim's annual income, the lower the percentage of income that is demanded, because that percentage represents a larger amount in dollars.
Duration of the attack. The duration of a ransomware attack was significantly reduced in 2021, from 15 days to 9 days.
Basic negotiation rules. Ransomware groups have clear ground rules for successful negotiation with their victims, which affect both the negotiation process and its dynamics:

a. An accurate assessment of the victim's financial situation

b. The quality of the data exfiltrated from the victim

c. The ransomware group's reputation

d. The existence of cyber insurance

e. The approach and interests of the victim's negotiators

Comment: Sergey Shykevich, Threat Group Manager at Check Point Software:

"In this research, we have provided an in-depth look at the perspectives of both the attackers and the victims of a ransomware attack. What we essentially learn is that the ransom, which is the number most research deals with, is not the key number in the ransomware ecosystem. Both cybercriminals and victims have many other financial issues and considerations regarding the attack. It is remarkable how systematic these cybercriminals are in setting the ransom amount and in negotiating. Nothing is random, and everything is defined and planned according to factors. Noteworthy is the fact that, for victims, the 'collateral cost' of ransomware is 7 times greater than the ransom they pay. Our message to the public is that building proper cyber defenses in advance, and in particular a clearly defined response plan for ransomware attacks, can save organizations a lot of money."

Ransomware in Numbers

For the first quarter of 2022, CPR shares the following numbers:

  • Globally, the weekly average of affected organizations is 1 in 53, an increase of 24% year over year (1 in 66 organizations in the first quarter of 2021)
  • In EMEA, the weekly average of affected organizations is 1 in 45, an increase of 37% year over year (1 in 62 organizations in the first quarter of 2021)
  • In APAC, the weekly average of affected organizations is 1 in 44, an increase of 37% year over year (1 in 60 organizations in the first quarter of 2021)
  • In Africa, the weekly average of affected organizations is 1 in 44, an increase of 23% year over year (1 in 54 organizations in the first quarter of 2021)
  • In ANZ, the weekly average of affected organizations is 1 in 88, an increase of 81% year over year (1 in 160 organizations in the first quarter of 2021)
  • In Asia, the weekly average of affected organizations is 1 in 24, an increase of 54% year over year (1 in 37 organizations in the first quarter of 2021)
  • In Europe, the weekly average of affected organizations is 1 in 68, an increase of 16% year over year (1 in 80 organizations in the first quarter of 2021)
  • In North America, the weekly average of affected organizations is 1 in 120, no change year over year
  • In Latin America, the weekly average of affected organizations is 1 in 52, an increase of 25% year over year (1 in 64 organizations in the first quarter of 2021)

How to protect yourself from Ransomware

Robust data backup. The purpose of ransomware is to force the victim to pay a ransom in order to regain access to their encrypted data. However, this is only effective if the target actually loses access to its data. A robust, secure data backup solution is an effective way to mitigate the impact of a ransomware attack.

Cyber awareness training. Phishing emails are one of the most popular ways to spread ransomware. By tricking a user into clicking a link or opening a malicious attachment, cybercriminals can gain access to the employee's computer and begin the process of installing and running ransomware on it. Frequent cyber security awareness training is vital to protecting your organization from ransomware.

Strong, secure user authentication. Enforcing a strong password policy, requiring the use of multi-factor authentication, and educating employees about phishing attacks designed to steal login credentials are all critical elements of an organization's cyber security strategy.

Patch updates. Keeping computers up-to-date and implementing security patches, especially critical ones, can help reduce an organization's vulnerability to ransomware attacks.


Written by newsbot


One Comment

  1. The text is full of syntax errors, obviously due to the automatic translation by translate and it is not the first time. If you spent 15 minutes with the article after the automatic translation it would be more understandable and more relaxing for the reader.
