💰

Coveware Security Incident

Q3 2020 2010 days ago Resolved

Incident Overview

Situation Description

The Coveware Quarterly Ransomware Report details trends in ransomware incident response during Q3 2020, noting an increase in ransom demands and the common practice of data exfiltration by ransomware groups.

Event Types

Ransomware Extortion (non-ransomware)

Industry Sector

nan

Geographic Scope

nan

Response Actions

Engaged Third-Party Forensic Investigators Notified Affected Individuals & Entities

Impact Analysis

Event Types (2 identified)

Ransomware Extortion (non-ransomware)

Financial Impact

$0 USD

Records Affected

Data Types Compromised

PII (Personally Identifiable Information) Intellectual Property Credentials Operational / System Data

Primary Impacts

Financial Loss Data Exposure Operational Disruption Reputational Damage Legal/Regulatory Penalties

Key Decisions Made

Coveware advises victims of data exfiltration extortion to expect that stolen data will not be credibly deleted and may be traded, sold, or held for future extortion.; Coveware recommends that victims of data exfiltration take responsible steps such as seeking advice from privacy attorneys, investigating what data was taken, and performing necessary notifications.; Coveware suggests that paying a threat actor to not leak stolen data provides almost no benefit to the victim.

Technical Analysis

Attack Method

Unknown

Threat Actor Attribution

Maze Egregor Ryuk Sodinokibi DopplePaymer Conti Wasted Nephilim Avaddon Phobos Snatch Lockbit Dharma Sekhmet Netwalker Mespinoza

Vulnerability / Tool

RDP Unpatched Vulnerability Phishing

Additional Information

Ransomware Demands continue to rise as Data Exfiltration becomes common, and Maze subdues Table of Contents Average Ransom Payment Types of Ransomware Data Exfiltration Attack Vectors Companies Targeted Costs of Attacks The Coveware Quarterly Ransomware Report describes ransomware incident response trends during Q3 of 2020. Ransomware groups continue to leverage data exfiltration as a tactic, though trust that stolen data will be deleted is eroding as defaults become more frequent when exfiltrated data is made public despite the victim paying. In Q3, Coveware saw the Maze group sunset their operations as the active affiliates migrated to Egregor (a fork of Maze). We also saw the return of the original Ryuk group, which has been dormant since the end of Q1. Average Ransomware Increases as Attackers Target Bigger Companies Average Ransom Payment $233,817 +31% from Q2 2020 Median Ransom Payment $110,532 +2% from Q2 2020 Average and Median Ransom Payments The average ransom payment increased to $233,817 in Q3 of 2020, up 31% from Q2. The median payment in Q3 rose slightly from $108,597 to $110,532, reflecting how large, big game payments continue to drag the averages up. The disequilibrium within the cyber extortion industry was evident when attackers discovered that the same tactics, techniques, and procedures (TTPs) that work on a 500 person company can work on a 50,000 person company and the potential payoff is substantially higher. The dramatic increase in ransom amounts may imply a higher degree of sophistication as attackers go upmarket, but Coveware does not believe that the attacks are more sophisticated. The biggest change over the past 6 quarters is threat actors now realize that their tactics scale to much larger enterprises without much of an increase in their own operating costs. The profit margins are extremely high and the risk is low. This problem will continue to get worse until pressure is applied to the unit economics of this illicit industry. It...

... (truncated for display)

Quick Facts

Company:: Coveware
Date:: Q3 2020
Status:: Resolved
Decision Maker:: nan
Position:: nan
Published:: 2020

Source Information

Original Query

comparative analysis of operational downtime costs for paying vs not paying ransom

View Original Source

Timeline

Information Published

2020

Incident Occurred

Q3 2020 (2010 days ago)

Status: Resolved

Estimated resolution based on age

Actions

View Company Profile

Navigation

Quick Stats