The availability of commodity bots and ransomware is making the business of ransomware accessible to just about every. And, according to new data, everyone’s getting in on the game.

I love reports that provide an insightful view into what the bad guys are doing, quantifying what we’re all experiencing as an industry. A new report from threat intelligence firm Group-IB entitled Ransomware Uncovered 2020-2021 sheds some much needed light on the current state of not just attacks, but the specific methods and techniques used in today’s ransomware attacks.

According to the report:

  • The average ransom in 2020 was $170,000; up from $80,000 in 2019
  • The average dwell time on a victim network was 13 days
  • The average downtime resulting from an attack is 18 days

Digging a bit deeper…

  • Almost one-third (29%) of attacks start with phishing
  • Almost two-thirds (64%) of attacks are via Ransomware-as-a-Service

There are two very frightening predictions in this report.

“More actors will focus on gaining access to enterprise networks for resale purposes.”


“Some threat actors may abandon the use of ransom-ware and instead focus on exfiltrating sensitive data for extortion.”

Think about it what all this means: more hackers will be looking to simply gain compromised access to your environment to sell it to the would-be cyberattackers who have access to even more effective and readily-available RaaS.

This is bad news, indeed.

As the bad guys ramp up their efforts to make more money off of victim organizations, it’s equally important that you begin increasing your security stance against these kinds of attacks – specifically focusing on the phishing aspect of attacks by putting employees through new school Security Awareness Training. By continually educating users about cyber attack methods and scams, they are more prepared to spot one before they’ve made the mistake of engaging with it and putting the organization at risk.