Report: Bitcoin Is the Most Preferred Payment Option in Ransomware Attacks

Bitcoin is the preferred method of payment in 98% of ransomware attacks, according to a new report based on data collected by the ransomware management firm Coveware. Coveware handles ransomware incidents for companies both small and big.

In the report, Coveware anonymously aggregated data collected by its Incident Response Team from all the cases it has dealt with so far in 2019. With this report, Coveware hopes that big and small enterprises that face a threat from such attacks can better prepare themselves.

Discussing the damage a ransomware attack does to a company’s revenue, the report establishes that there are two main costs. The first is the recovery cost, which includes the costs of forensic reviews and rebuilding the software infrastructure. The amount paid as ransom is also considered a part of the recovery cost. The second main cost is the cost of downtime, which often amounts to more than the recovery cost and, as Coveware notes in the report, is often 5-10x the total ransom amount paid. This cost is measured in lost productivity, which involves slack labor and lost revenue opportunities.

“In Q1 of 2019, the average ransom increased by 89% to $12,762, as compared to $6,733 in Q4 of 2018,” the report states. It attributes the increase in the average ransom paid to the increased number of infections by more expensive ransomware such as Ryuk, Bitpaymer, and Iencrypt. There is also the rising phenomenon of sextortion ransomware, which has already caused extensive damage to victims in several incidents.

Talking about the payment methods used by the attackers, the report notes that Bitcoin continues to be the most preferred method of payment. This is mainly because of the friction caused by victims' lack of understanding of how to deal with most cryptocurrencies, which is why attackers still stick to Bitcoin, the most famous cryptocurrency. The remaining 2% of the attacks involve payments through private virtual coins like Dash.

The report also notes that even after a ransom has been paid, it is still possible that the attacker does not deliver a decryption tool with which to recover the data affected by the ransomware. In this case, it is possible that there is absolutely 0% data recovery. Even when the attacker does deliver a decryption tool, it is still possible that the servers and databases will be damaged during or even after the decryption process.
