Report: Average Initial Ransomware Demand in 2023 Reached $600K

A report published by Arctic Wolf, a provider of managed security services, found the median initial ransom demand made by cybercriminals rose 20% year-over-year to $600,000, with legal, government, retail and energy sectors each seeing median demands of $1 million or more.

Overall, manufacturing, business services and education/non-profit are the top three industries being victimized, the report noted.

Mark Manglicmot, senior vice president for security services for Arctic Wolf, said in general, it’s clear cybercriminal organizations and criminal syndicates are only becoming more aggressive as they seek to intimidate victims.

Unfortunately, most ransomware attacks continue to exploit known vulnerabilities. Well over half (60%) of incidents involved vulnerabilities disclosed prior to 2022. Only 3.4% of incidents involved a zero-day exploit.

In fact, more than half of the incidents Arctic Wolf investigated involved at least one of 10 specific vulnerabilities. If organizations focused more on eliminating those issues, the overall state of cybersecurity would improve within most organizations, noted Manglicmot.

On the plus side, the report makes it clear organizations are becoming more resilient. In 71% of the incidents investigated by Arctic Wolf, organizations were able to leverage backups to restore their environment to some degree. That capability puts organizations in a better position to negotiate with cybercriminals if they choose, said Manglicmot.

Insurance companies have also played a significant role in requiring organizations to be able to recover from a ransomware attack by modernizing their data protection practices, he added.

At the same time, law enforcement agencies are becoming more adept at identifying the cybercriminal syndicates that are primarily responsible for ransomware attacks. Agencies might not be able to arrest the perpetrators because those individuals reside in countries that don’t have extradition treaties but, in some cases, they can recover the funds paid to the attackers in exchange for decryption keys.

However, the extent of the ransomware challenge goes well beyond what law enforcement agencies can effectively thwart. They may be able to temporarily disrupt the operations of a high-profile cybercriminal syndicate from time to time, but the number of organized cybercriminal syndicates continues to proliferate around the globe.

In fact, the Arctic Wolf report suggests that not enough attention is being paid to other types of attacks that these syndicates routinely launch. The number of business email compromise (BEC) attacks launched exceeds ransomware attacks by a factor of ten. However, a ransomware attack is 15 times more likely to be investigated, the report noted.

On the plus side, the number of BEC investigations conducted by Arctic Wolf did double in the first half of 2023. Overall, BEC incidents made up 30% of the total incidents investigated, most of which involved an attacker using credentials to log into an exposed application (39%) or exploiting a vulnerability in an externally accessible system (29%).

As always, each organization should look to itself to improve its cybersecurity posture. However, with the aid of managed security service providers (MSSPs), insurance companies and law enforcement agencies, the ability to defend against and respond to those attacks is steadily improving. The challenge is finding the best way to orchestrate those resources at a time when there are still far too many victims hoping to leverage the same limited resources.


Michael Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.
