Ransomware victims often have to pay extra ‘ransom’ to the cybercriminals to stop them from leaking their stolen data, but Coveware’s analysis suggests that it may be a useless practice

Ransomware cyber-attacks are pretty common, and whether you run a large booming business or a small-sized business, you can become a victim of these threat actors. They hack into the systems of an organization and steal their sensitive data. Then they demand a ransom amount from the organization, and most victims end up paying huge amounts of money just to stop them from leaking that data online or on other forums. What is worse is that most of the time, these victims have to give ransom just to find out which files and which data exactly has been stolen!

According to Coveware’s recent report, most of these threat actors find different ways to extort more money from the victims once their original ransom has been paid! They blackmail the victims for the same data files and the victims have no choice but to comply with these cybercriminals.

For their analysis, Coveware studied certain ransomware groups like Sodinokobi, Netwalker, Mespinoza, and Conti. All of these groups have re-extorted more money from their victims, posted their data online despite receiving their ransom and payment to not to do so, and have even provided fake ‘proofs’ to the victims that they had deleted the stolen files while in reality, they still had them.

As per Coveware’s analysis, sometimes these threat actors sell the stolen data to other groups, and then those other groups start blackmailing the victims.

The CEO and co-founder of Coveware, Bill Siegel says that it cannot be determined as to how much frequently these things are happening, but they are happening enough for us to understand that no one should pay a ransom in the first place only!

But this is only applicable if the victim organizations have all their data backup that they can restore once it is lost. Unfortunately, there are instances when these threat actors get access to the backup data also, and in such cases, the victims do not have any other choice but to negotiate with the cybercriminals and fulfill their demands.

But then, as per Bill Seigel, once someone loses their data, it is highly unlikely to recover it completely. Cyber extortion is a very profitable business, and these threat actors and ransomware groups have multiple ways to use the stolen data for continued cyber extortion, and still, there is no guarantee that the stolen data is safe somewhere. Most likely, it is not, and has been sold to another group that will begin cyber extortion at the victim’s expense. So, it is a vicious cycle, and it seems that not paying the ransom in the first place is perhaps the best that a victim can do, because what’s gone is gone.

Another trend that Coveware noticed is that for some time, these ransomware groups are targeting large organizations and big brands. Their average ransom payout has also increased by almost 31% in the third quarter of 2020 in comparison with the previous quarters of previous years. In the Q3 of 2020, victims have paid an average of $233817 for this purpose.

Coveware suggests that instead of spending millions and billions in paying a ransom to these criminals, it is better if companies start using this money on tightening up their security protocols.



No comments:

Post a Comment