Ransomware attacks throughout 2020 were devastating and seemed to indicate that this form of cyberattack was on a continued upward trajectory. Ryuk, for example, extracted an enormous $34 million ransom payout and various companies throughout the year were crippled by sophisticated ransomware attacks.
However, the latest data indicates that victims of ransomware attacks have begun to push back, and the top attack vector for ransomware attacks is now email phishing. A recent report shows that ransomware attacks overall have reduced the amounts they demand in response to a more stubborn, preventative victim market. The number of ransoms paid has actually gone down.
Coveware released their final Quarterly Ransomware Report for 2020, which clearly indicates that RDP compromise has fallen out of favour, and phishing has increased. The report also states that the average ransom payment has gone down from $233,817 to $154,108 between Q3 and Q4 of 2020, and the media payment has gone down by an even more significant percentage. Unfortunately, the threat of sensitive data release as a tactic has gone up, with 70% of ransomware attacks using this extortion method.
Over the last year, organizations have taken some significant steps forward in their ability to protect and recover their locked environments. Coveware suggests this ability has contributed to the reduction in ransom demands, both in amount and volume. Coveware also believes that the increase in the threat (and fact) of sensitive data release shows that criminals are rarely, if ever, destroying exfiltrated data, which has meant that there is less impetus for companies to pay the ransom in order to prevent publication.
The last quarter of 2020 saw email phishing overtake RDP as the most prevalent ransomware attack vector. With the onset of the COVID-19 pandemic, the beginning of the year saw a considerable rise in RDP attacks, as companies moved to remote working in a rush, in many cases without the proper protections in place. However, as the year has progressed and organizations have acclimatized to the new normality, phishing has overtaken RDP as the most effective way to introduce malicious code and hack vulnerable networks.
Although RDP attacks are down, it is still vital to keep taking the steps that have made this a less prominent attack vector. Reducing or removing Internet-facing RDP is a must, with more secure tech a far better option.
Turning to phishing, the best way to reduce the effectiveness of email phishing attacks is by turning your workforce into a human firewall. The best defense is an educated, aware staff, backed up by the latest cybersecurity training, and armed with the tools and resources they need to make the right decisions and take the right actions when it comes to keeping your company safe.