More publicized ransomware incidents occurred in October, 2020 than any previous month this year, totaling some 40 events, slightly less than the first three months of the year combined, a recent report said.
BlackFog, a Top 250 MSSP for 2020, has tracked reported ransomware attacks since January. Based on its own data collection, it has compiled a global ransomware analysis, entitled The State of Ransomware in 2020. The Cheyenne, Wyoming-based managed data privacy and security provider’s report provides insights into global trends for benchmarking purposes. The security specialist plans to release similar editions each month.
Here are some of the report’s top level findings:
1. Geography. 57% of ransomware attacks took place in the U.S., with no other country even within shouting distance. Australia with 7%, Canada with 6%, the U.K. with 5% and Germany with 4% followed. France, Italy, Japan and Italy all had 2%, while the rest of the world combined for 14%.
2. Industry. Government (34%), manufacturing (33%), education (29%), healthcare (24%) and general services (23%) were the primary targets.
3. Monthly hits. The trend line of number of attacks rose steadily from January through October with marginal dips in April, June and July but a notable spike in August and September, from 20 reported events to slightly more than 30 and 40 in October.
4. Ransom payouts. In Q4 2019, ransomware victims paid an average of $45,000 to extortionists to unlock their data. By Q2, 2020, that figure had mushroomed 4 times to $180,000. For the 10-month period the average ransom payment was $176,254.
5. Variants. Not surprisingly, the four primary ransomware variants together accounted for 60% of all incidents, led by Maze at 17%, REvil/Sodinokibi at 16%, NetWalker at 14% and Ryuk at 13%. The number of Ryuk attacks rose from January to October while the other three variants fell.
6. Ransom demands. The average ransom demand for a Maze attack is $420,000, followed by Ryuk at $282,590 and NetWalker at $176,910.
BlackFog’s list of documented ransomware attacks for the period can be found here. In early October, BlackFog formed a strategic partnership with Darkside Enterprises, a New York-based managed services provider. Darkside provides enterprise-level IT and security services and solutions to small and medium-sized businesses.