The average cost of ransomware attacks in the fourth quarter of 2019 reached $84,116 – reflecting a staggering 104% increase from $41,198 in Q4 2018, a report from cyber incident response firm Coveware has found.
The cybersecurity firm noted in its report that, typically, the total cost of a ransomware attack includes the ransom payment (if one is made), network and hardware remediation costs, the organization’s lost revenue due to business interruption, and costs related to brand damage.
However, Coveware observed that in Q4 2019 ransomware actors also began exfiltrating data from victims, threatening to release the stolen data if the ransom was not paid. This new angle to ransomware attacks meant organizations also had to deal with potential costs related to third-party claims resulting from the data breach.
Coveware also took stock of the most common types of ransomware used in Q4, with Sodinokibi being the most prevalent of the malware, comprising 29.4% of all ransomware incidents in the quarter. The infamous Ryuk ransomware came in at second place, accounting for 21.5% of all ransomware cases in the fourth quarter.
Other significant findings of the report include:
- Compromised Remote Desktop Protocol (RDP) credentials (remote PC access) was the most common ransomware attack vector for Q4 2019, accounting for 57.4% of all cases. Email phishing, the second most common attack vector, comprised 26.3%.
- Companies in the professional services industry were the most commonly targeted by ransomware (20.4%), followed by healthcare (18.7%), and then software services (11.7%).
- The average size of companies affected by ransomware in Q4 2019 was 610 employees.
- Ransomware in Q4 2019 caused an average number of 16.2 days of downtime for organizations.
- 99% of ransomware attackers demanded their ransom be paid in Bitcoin; the remaining 1% asked to be paid in Dash or other privacy coins.