The first quarter (Q1) of 2019 registered a high average Bitcoin (BTC) payout for ransomware attacks, according to statistics published by security researchers at Kaspersky Lab, and Coveware, a firm which helps victims payout. The number of users (victims) that met cryptocurrency ransomware in 2018 and Q1 of 2019 soared by over 500% and 90% respectively.
Cryptocurrency ransomware encrypts your important data such as documents, music, photos, and videos, but leave basic computer (PC) functions safe and sound. Cryptocurrency developers every so often include a countdown (deadline) in their ransom (payoff) demand.
If a victim does not pay by the deadline, all of his/her files are completely deleted. Several users disregard or don't appreciate the significance of backing up files and records to an external storage device such as a flash disk, memory card, external hard drive, floppy disk, CD-ROM, etc., so they frequently cherry-pick to pay the ransom since they can’t see any other means of getting and accessing their critical files back.
“Looking at the malware groups that were active in the period covered by this report, it appears that a rather short list of suspects is responsible for most of the trouble caused by cryptocurrency-ransomware. In the first period, from April 2014 to March 2015, the most actively propagated encryptors were the following groups of malware: CryptoWall, Cryakl, Scatter, Mor, CTB-Locker, TorrentLocker, Fury, Lortok, Aura, and Shade. Between them they were able to attack 101,568 users around the world, accounting for 77.5 percent of all users attacked with crypto-ransomware during the period,” Kaspersky indicated in its new report.
In the fourth quarter (Q4) of 2018, the average ransom recorded was around $6.733 and later increased by 90 percent to hit $12.8 from January to March of this year.
There has been a high growth in the demand of digital currencies by attackers and costlier strains of ransomware that actually encrypts victims’ files and demand a payment in Bitcoin, Ethereum, Ripple and other cryptocurrencies to open (unlock) these files, like Bitpaymer, Lencrypt, Ryuk, etc.
In the Q1 of 2019, Dharma, GandCrab, Ryuk, Phobos and Rapid were seen in the top positions on the ransomware market share with 27.8%, 20.0%, 18.3%, 5.2% and 5.2% respectively, as you can see on the chart below. Remember, Ryuk was not among the top-3 in the Q4 of 2018, so this is one of its notable growth in the market.
According to the Coveware report, Ryuk attacks giant institutions more often than other alternatives, and also demands much higher payroll compared to others. For instance, if you compare Dharma which is in the first position and Ryuk that is in the third position, you will see that on average the latter requires a claim of $286.56 and the first one requires $9.74, which makes a difference of around $276.
Trends of ransomware come and disappear as fresh cyber-gangs enter, sway and muscle into this lucrative business. Other popular ransomwares include WannaCry, Petya, Bad Rabbit, CryptoLocker, TeslaCrypt, CryptoWall and Locky. Generally, the undertaking of a ransomware is a very fruitful illicit business model – for instance, CryptoWall has managed to collect a total revenue of more than $350 million in a shortest period of time.
In some cases, a ransom is normally around $500 when paid on time, but multiplies after the set deadline expires. Since cryptocurrencies like Bitcoin are very difficult to trace, they are the most requested method of payment. Criminals don’t like using fiat currency (hard cash) like dollars, euros and the rest. Generally, among all other cryptocurrencies, attackers have been largely requiring Bitcoin – the leading crypto by market capitalization – due to its widespread use and adoption in the market.