() continues to account for the lion’s share of crypto-denominated ransomware payments, according to Coveware’s Q1 2019 Global Ransomware Marketplace report, on April 15.
The report — reportedly based upon aggregated ransomware data from cases tackled by Coveware’s Incident Response Team — indicates that in Q1 2019 the ransomware landscape saw a sharp increase in the average ransom demanded by threat actors.
The average sum — demanded in exchange for the ostensible delivery of a decryptor tool that can help victims recover data after a ransomware attack — rose 89% from a median $6,733 in Q4 2018 to $12,762 in Q1 2019, the report states.
Of these ransoms that were paid in , 98% were payable in . The report outlines that in Q1 2019:
“[H]andling continued to be a major source of friction for victims, and thus the threat actors as well. It is unlikely that ransomware rotates towards a different anytime soon as they are even more nuanced to procure and handle.”
Coveware notes that threat actors have scant need to migrate away from to other coins as they reportedly face little difficulty using mixing services to exchange for privacy-focused cryptos such as dash () or ().
Privacy coins are thus used for only 2% of ransomware payments, according to Coveware’s data, and are largely used later in the process, once the payment has been received and threat actors subsequently attempt to obfuscate the transfer of their ill-gotten funds.
GandCrab — a strain of ransomware that accounts for 20% of the market, according to Coveware’s data — was the only prevalent strain where threat actors accept payment in either dash or .
Moreover, the report notes, GandCrab victims who pay with face a 10% additional fee due to the costs incurred by the threat actors’ use of mixing services to anonymize the after payment.
As reported earlier this week, digital giant recently won a to protect users from .
In March, Big Four auditor nationals behind the ransomware scheme SamSam — which reportedly damaged multiple companies, agencies, universities, and — to the WEX.
Published at Fri, 19 Apr 2019 17:38:53 +0000
