70% of Ransomware Attacks Targeted SMBs, BEC Attacks Increased by 130%

Beazley Breach Response (BBR) Services found that 71% of ransomware attacks targeted small businesses, with an average ransom demand of $116,324 and a median of $10,310, after analyzing 3,300 incidents involving its clients in 2018.

As further detailed by Beazley's 2019 Breach Briefing report, the highest ransom demanded from its insureds was $8.5 million, or 3,000 Bitcoin, while the highest ransom paid by one of its clients was $935,000.

Small and medium-sized companies were the most sought-after targets because, according to the report, they usually spend far less on securing their computing systems and information than larger firms, which makes their systems much easier for malicious actors to compromise.

Out of all SMBs impacted by ransomware, the ones "that do not lock down Remote Desktop Protocol (RDP) are at higher risk of being attacked," according to Beazley, a group of global insurance professionals.

As BleepingComputer reported in October 2018, there is also a ransomware family dubbed CommonRansom which asks victims to provide RDP access with admin credentials to the locked computers before it decrypts the encrypted files.

Ransomware statistics 2018

"Many small businesses outsource their IT to contractors that they allow to remotely access their networks via RDP. Attackers will scan the internet for open RDP ports, and then attempt to brute force a weak password to get access," says Beazley. "Businesses that do not change the default RDP port, or who do not use strong passwords, are susceptible to this attack."
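The brute-force pattern Beazley describes leaves a recognizable trace in the Windows Security log: a burst of failed RemoteInteractive logons (event 4625, LogonType 10) from one source address, often across several account names, sometimes followed by a successful logon (event 4624) from the same address. The detection script below is an added example, not code from the report or from BleepingComputer; the flattened log format and the sample lines are constructed for illustration, and the threshold and window are assumptions to tune per environment.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample (not from the report): Windows Security log fields flattened to
# one line per event. 4625 = failed logon, 4624 = success, LogonType 10 = RDP session.
SAMPLE_LOG = """\
2018-11-05T02:00:01 EventID=4625 LogonType=10 IpAddress=198.51.100.7 TargetUserName=administrator
2018-11-05T02:00:03 EventID=4625 LogonType=10 IpAddress=198.51.100.7 TargetUserName=admin
2018-11-05T02:00:04 EventID=4625 LogonType=10 IpAddress=198.51.100.7 TargetUserName=backup
2018-11-05T02:00:06 EventID=4625 LogonType=10 IpAddress=198.51.100.7 TargetUserName=itcontractor
2018-11-05T02:00:08 EventID=4625 LogonType=10 IpAddress=198.51.100.7 TargetUserName=itcontractor
2018-11-05T02:00:09 EventID=4624 LogonType=10 IpAddress=198.51.100.7 TargetUserName=itcontractor
2018-11-05T09:15:00 EventID=4625 LogonType=10 IpAddress=192.0.2.20 TargetUserName=jsmith
2018-11-05T09:15:30 EventID=4624 LogonType=10 IpAddress=192.0.2.20 TargetUserName=jsmith
2018-11-05T10:00:00 EventID=4625 LogonType=3 IpAddress=192.0.2.55 TargetUserName=svc
"""

LINE_RE = re.compile(r"^(\S+) EventID=(\d+) LogonType=(\d+) IpAddress=(\S+) TargetUserName=(\S+)$")

def parse_events(log):
    """Yield (timestamp, event_id, logon_type, ip, user) for each well-formed line."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, eid, lt, ip, user = m.groups()
            yield datetime.fromisoformat(ts), int(eid), int(lt), ip, user

def detect_rdp_bruteforce(log, threshold=5, window=timedelta(minutes=5)):
    """Flag sources with >= threshold failed RDP logons in a sliding window; note later successes."""
    recent = defaultdict(deque)   # ip -> timestamps of failed RDP logons still inside the window
    accounts = defaultdict(set)   # ip -> account names tried from that address
    flagged = {}
    for ts, eid, lt, ip, user in sorted(parse_events(log)):
        if lt != 10:
            continue              # not RDP: ignore network, service and batch logons
        if eid == 4625:
            q = recent[ip]
            q.append(ts)
            accounts[ip].add(user)
            while ts - q[0] > window:
                q.popleft()       # expire failures that fell out of the window
            if ip in flagged:
                flagged[ip]["failures"] += 1
            elif len(q) >= threshold:
                flagged[ip] = {"first_failure": q[0], "failures": len(q),
                               "accounts_tried": sorted(accounts[ip]), "success_after": None}
        elif eid == 4624 and ip in flagged and flagged[ip]["success_after"] is None:
            flagged[ip]["success_after"] = (ts, user)   # a weak password was likely guessed
    return flagged
```

A single failed logon followed by a success (the `192.0.2.20` lines) is a user mistyping a password and is not flagged; only the sustained burst from `198.51.100.7` is, with the success recorded so responders can prioritize it.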

The company also discovered that attackers of all skill levels were involved, from those that used ransomware-as-a-service (RaaS) platforms (FilesLocker, Saturn, Data Keeper, Princess Evolution, GandCrab) in their campaigns to highly skilled threat actors who used ransomware to attack specific targets with goals "clearly beyond extortion."

Besides abusing weakly protected RDP services, attackers also used sextortion campaigns to dupe victims into downloading malware or droppers that eventually infect the compromised machine with ransomware.

"The email contains a link or zip file they claim contains evidence of the internet or webcam activity, or to a website to pay the cryptocurrency ransom. But, if clicked on, the link may in fact spread malware that can steal information and install ransomware," states the report.

In addition, of all the industries targeted by ransomware campaigns, the top three sectors experiencing this type of incident were healthcare (34%), professional services (12%), and financial institutions (12%), while government (6%), real estate (4%), and hospitality (3%) closed the rankings.

Industry ransomware attack rankings 2018

Beazley's analysis also found that business email compromise (BEC) fraud attacks, which start with credential theft via phishing or malware campaigns and end in fraudulent wire transfers and payments to attacker-controlled accounts, increased by 133% last year.

To be more exact, BEC attacks accounted for roughly 24% of the overall number of breach incidents reported to Beazley Breach Response (BBR) Services, a drastic boost from the 13% reported for 2017.

"Almost half (47%) of all incidents investigated by BBR Services in 2018 were the result of a hack or malware. Of these, approximately half were BEC," as detailed by the report.

According to Beazley's analysis of BEC incidents reported by customers throughout 2018, the highest BEC claim paid by the insurer was over $2.5 million, while the average cost of a BEC claim was around $70,960.
