Ransomware Crooks Emboldened by More Payments, Experiments in 'Customer' Experience

A new report out from CyberEdge Group showed that ransomware attacks broke the record books again last year as criminals were carried to more profitable highs by two new prevailing trends. The first trend is that ransom payers are more successfully recovering their data, which leads to the second trend, namely that more organizations are paying off the ransoms when they're attacked.

The combination of the two trends has generated tremendous momentum for the bad guys as they're emboldened by rising profits to increase their worldwide ransomware attack pressure.

The analysis from CyberEdge comes by way of its seventh annual Cyber Threat Defense Report (CDR), which examined the cybersecurity posture and threat exposure for 1,200 organizations around the globe that operate with 500 or more employees.

The study showed that more than four out of five organizations experienced at least one successful cyberattack over the past year. Meanwhile, 62% of organizations said they were compromised by ransomware, up from 56% in the previous study.

One of the first research firms to quantify data recovery rates for ransom payers, CyberEdge found in 2018 only about 49% of those who paid the criminals ended up getting their data back in exchange for the extortion. Clearly many criminals are now experimenting with 'customer' experience, because the rate of recovery has been on the rise for the past two years in a row. In 2019 the CDR found that 61% of those who paid off the ransoms recovered their data. Today, that number has risen to 67%.

The increasing number of criminals who are willing to make good on their extortionary promises has reaped the entire ransomware industry measurable gains in finding compliant victims. Back in 2018, only 39% of victims paid the ransom. That rose to 45% in 2019. Now today, more than half of victims choose to reward their attackers, with 58% of victimized organizations paying off ransoms.

All told, ransomware criminals are raking in billions of dollars each year for their efforts. Just in the U.S. alone some recent estimates peg the damage from ransomware summing up to over $7.5 billion for attacks conducted in 2019. The pressure is only going to keep coming in 2020, according to security pundits and industry analysts. They believe that for the rest of this year

ransomware attackers will continue to hone their attacks and narrow their targets for the sake of profitability. One report from Moody's Investors Service recently pegged targeted ransomware attacks as one of the top factors amplifying cyber-related credit risks in 2020.

"Ransomware attacks will continue their evolution from diffuse, opportunistic attacks to targeted attacks that increasingly involve theft and public disclosure of data," explained the January 22 report. 

Last year in particular saw a surge in attacks against soft targets in state and municipal governments, healthcare organizations and education. Stats from Moody's found that ransomware attacks against U.S. regional and local governments doubled in 2019. Many of these organizations are tasked with solemn public safety duties and yet fail to protect themselves with a modicum of cybersecurity practices. For example, one study from University of Maryland found that American local governments were poorly equipped to handle any kind of cyber threat, including ransomware.

"While nearly half reported experiencing cyberattacks at least daily, one‐third said that they did not know whether they were under attack, and nearly two‐thirds said that they did not know whether their information systems had been breached. Serious barriers to their practice of cybersecurity include a lack of cybersecurity preparedness within these governments and a lack of adequate funding for it," that report explained.

As a result, when ransomware attackers shut down municipal systems, bureaucrats and elected officials increasingly willing to cater to extortionary demands of cybercriminals in order to assure the safety and convenience of citizens. This same playbook goes also for healthcare and educational institutions, which also tend to be laggard industries in cybersecurity best practices. Criminals are finding greater success when they play hardball by interrupting emergency room operations, 911 services, police record keeping, and other crucial services that put people in actual physical danger.

We're seeing that theme play out now during the pandemic crisis as many ransomware actors are turning up the heat even further on healthcare and pharmaceutical organizations operating for the highest of stakes.