The Extortionists Behind Ransomware Are Demanding Dramatically Higher Sums

Phishing attacks, typically launched via email, were the vector in 30% of cases, with software weaknesses accounting for the remainder. For the fourth quarter, the number of unique phishing reports received by the Anti-Phishing Group, a cross-industry research organization, totaled 239,910, down from 264,483. But the reason for the drop, says the APWG in its latest quarterly report, is that it’s getting harder to detect phishing sites “because phishers are obfuscating phishing URLs with multiple redirections.”

Financial-services firms sustained 3.4% of ransomware attacks in the first quarter, according to the Coveware data, while retailers were victimized in 5.2% of cases and consumer services in 6%. The biggest victims were professional-services firms (22.4%) and companies offering software services (17.2%).

But even if victims pay up, they don’t always recover their data. The Coveware report indicates that the decryption key received after sending the ransom failed in 4% of cases. “Files and servers can be damaged during or after the encryption process and this can affect data-recovery rates even when a decryptor tool is delivered,” the report says.

Also, even if the tool works, firms don’t always get all of their data back. Recovery averaged 93% in the quarter, according to the report, which notes, “sometimes the decryption tools are simply prone to error.”

Of course, firms can always protect against ransomware attacks by backing up their data. But, depending on how much data must be copied and on how many servers, it sometimes turns out to be cheaper to pay the ransom, experts caution.