Average Ransomware Payment Doubles from Q3 to Q4 2019, Study Reveals

The price of a ransomware attack can be ascertained more precisely than other types of attacks, and a new study unveils the expected costs that a company incurs during such an event.

In 2019, companies observed a change in how criminals deploy and use ransomware, as it becomes more targeted, and sensitive data is stolen and used for blackmail. This immediately translated in a larger average ransom payment for ransomware-related incidents, which spiked by 104% in Q4 of 2019, to $84,116, up from $41,198.

The new study attributes the shift in ransomware attacks to changes in how ransomware variants Ryuk and Sodinokibi are deployed online, more recently in the enterprise space, with a focus on larger companies. Ransom demands even reached a new record high of $780,000.

The study also shows the average company downtime increased to 16.2 days in Q4, from 12.1 days the previous quarter. An attack doesn't end when the data is finally decrypted or restored from a backup. Depending on the situation, the aftermath might involve software and hardware upgrades, which can take a long time, depending on the size of the organization. And that's not even considering reputation loss, which is extremely difficult to quantify.

Another interesting metric that the study revealed has to do with the payment success rate, which is now 98%.

Finally, the attack vector was also covered, showing stolen or leaked RPD credentials (Remote Desktop Protocol) were used in 57.4% of cases, followed by email phishing, at 26.3%. It seems that the best way to protect a company against ransomware attacks is to secure the RDP credentials as best as possible, along with measures such as implementation of a powerful security solution that works organization-wide.