The latest data from ransomware recovery vendor Coveware outlines the current cost, duration, and recovery rate of ransomware attacks.
Many organisations still think ransomware is merely a nuisance that affects only a few machines and requires nothing more than restoring backups. But the Coveware Q2 Ransomware Marketplace Report tells a different story.
Some highlights from the report:
- The average ransom payment increased by 184% from Q1 to Q2 this year, nearly tripling the cost from circa £11,000 to £33,000 (converted from US$)
- RDP compromise is the primary attack vector in 59% of attacks
- The average downtime from an attack is 9.6 days
- 96% of organisations receive a working decryption tool when paying the ransom
- On average, 8% of decrypted data is lost
These details paint a pretty exact picture of what to expect should your organisation be hit by ransomware.
There are two action items you can take away from this report:
- Close off RDP access from the Internet – the bad guys are simply automating the testing of connections across millions of IP addresses, so this is opportunistic, and you’re providing the opportunity if you haven’t closed off RDP. If you need to use RDP, make sure it’s over an SSL VPN connection.
- Train your users – Email phishing is still used in just over one-third (34%) of attacks, according to the report. Putting users through Security Awareness Training like ours will teach them to spot phishing emails intent on infecting their machine and keep themselves (and the organisation) from going through the scenario depicted above.
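
For the first action item, a read-only audit of a Windows host's RDP exposure can show whether the listener is on and whether the host firewall accepts RDP from any source address. This is an added example, not taken from the Coveware report; the VPN subnet in the final comment is a hypothetical placeholder.

```powershell
# Added example: read-only audit of local RDP exposure (run elevated).
$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$tcp = Join-Path $ts 'WinStations\RDP-Tcp'

# fDenyTSConnections = 0 means Remote Desktop is switched on.
$rdpEnabled = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections -eq 0
# The listener port can be moved away from 3389, so read it rather than assume it.
$port = (Get-ItemProperty -Path $tcp -Name PortNumber).PortNumber
# UserAuthentication = 1 means Network Level Authentication is required.
$nla  = (Get-ItemProperty -Path $tcp -Name UserAuthentication).UserAuthentication -eq 1

# Enabled inbound allow rules that name the RDP port explicitly.
# Rules written as port ranges or "Any" port are not matched here.
$rules = foreach ($rule in Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow) {
    $pf = $rule | Get-NetFirewallPortFilter
    if ($pf.Protocol -ne 'TCP' -or $pf.LocalPort -notcontains "$port") { continue }
    $af = $rule | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Rule          = $rule.DisplayName
        Profile       = $rule.Profile
        RemoteAddress = $af.RemoteAddress -join ','
        OpenToAny     = $af.RemoteAddress -contains 'Any'
    }
}

[pscustomobject]@{
    Computer         = $env:COMPUTERNAME
    RdpEnabled       = $rdpEnabled
    ListenerPort     = $port
    NlaRequired      = $nla
    RulesOpenToAny   = @($rules | Where-Object OpenToAny).Count
} | Format-List

$rules | Format-Table -AutoSize

if ($rdpEnabled -and ($rules | Where-Object OpenToAny)) {
    Write-Warning "RDP is enabled and allowed from any remote address on this host."
}

# Remediation sketch (not executed): scope the built-in rules to the VPN range.
# 10.8.0.0/24 is a placeholder; substitute your own VPN client subnet.
# Set-NetFirewallRule -DisplayGroup 'Remote Desktop' -RemoteAddress 10.8.0.0/24
```

The host firewall is only one layer: a perimeter firewall, NAT port-forward or cloud security group that exposes the listener port must be checked separately.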