We’ve said it before and we’ll say it again. Ransomware is here to stay and it is only going to grow in popularity and ransom size. Coveware’s most recent ransomware report shows an increase in ransom size across the board for the three largest ransomware players; Phobos, Ryuk and Sodinokibi as shown below. The big winner was clearly Sodinokibi as their ransom average leapt by over 4X in the past quarter, driven primarily by their targeting larger victims.
Targeting Strategies Changing
Another interesting observation from Coveware is how these three players are changing their target victim profile as we pass the first quarter of 2020. Sodinokibi has gone up-market targeting select, large enterprise victims where their ability to deploy VPN exploits gives them an “in” to otherwise more sophisticated targets as compared to their usual SMB bread and butter. At the same time Ryuk took the opposite tact and moved their focus down-market while Phobus followed Sodinokibi up-market, albeit to a much lesser extent.
Attack Vectors Vary Widely
When comparing the three ransomware leaders it is fascinating to note which attack vectors are preferred and relied upon for each player’s success. Sodinokibi, being more sophisticated spreads its attacks across email phishing, RDP, software vulnerabilities and a smattering of other vectors while Phobos sticks to RDP and Ryuk primarily phishes with a smidge of RDP.
Good News as Shade Gets a Conscience
In a surprising turn of events, while many ransomwares are getting more aggressive and exploitive the operators behind the infamous and once prolific Shade ransomware have exited the business and publicly posted decryption keys. According to a post on Cisomag.com over 750,000 keys were published!
More Good News Konsultek Has You Covered
Even as the world struggles to recover from the Covid-19 pandemic cybercriminals are hard at work phishing, exploiting and brute-forcing their way into organizations of all size. What you need more than ever is a security partner like Konsultek on your side. Our team of engineers is prepared to help your organization stay secure no matter what your unique circumstances might be. Give us a call to learn how you can become more secure in these trying times.