Despite some of the most prolific ransomware operators eithering retiring or being shut down by law enforcement, the sector continues to grow in sophistication and scale.
This is according to a new report from cybersecurity company Group-IB, which claims ransomware is now a multi-billion-dollar industry, with the average payout sitting somewhere between $150,000 and $170,000.
Analyzing more than 500 attacks, Group-IB found that Conti, Egregor, and DarkSide were the new ransomware strains to make names for themselves in 2020. Both Conti and Egregor quickly rose up the list of most prolific ransomware threats. Ryuk, once a major ransomware threat, is absent from the list after merging with Conti.
The Ransomware-as-a-Service (RaaS) model is growing even more popular, with almost two thirds (64 percent) of all observed attacks in 2020 using this approach. Once hacking groups have breached a network, they rent out a ransomware operator’s services in exchange for a share of the ransom.
Typical dwell time (time between initial infection and data encryption) is 13 days, and it takes the victim roughly 18 days to resolve downtime and eliminate the threat.
Ransomware is expected to continue on its current growth trajectory, the report concluded. As it turns into a “bruiser market”, actors will turn to Linux variants and evolve their techniques to become even more devastating.