Ransomware incidents 'appeared to explode' in June: IBM

The number of ransomware attacks in the second quarter of 2020 was around three times higher than in Q1

The incidents of ransomware attacks continued to rise in the second quarter of the year, with a noticeable jump in June, say researchers at the IBM Security X-Force Incident Response team. They say the number of ransomware attacks they remediated in Q2 2020 was more than three times higher than the total in Q1.

Specifically, June "saw one-third of all the ransomware attacks IBM Security X-Force has remediated so far this year," the researchers said in a new report.

According to IBM, ransomware threat groups are putting a great deal of work into updating their tools and techniques, to match the improvements that private firms have been making to recover from ransomware attacks - a continuation of the ongoing cyber arms race.

Cybercrime groups have also begun to blend their ransomware attacks with data theft and extortion techniques. As part of the strategy, the attackers steal sensitive information from victim's systems before encrypting them. If the victims decline to pay for a decryption key, the attackers threaten to release the stolen information publicly.

IBM says that ransomware attacks are hitting manufacturing companies hardest, accounting for "nearly a quarter of all the incidents responded to so far this year."

"The professional services sector is the second most targeted industry and has experienced 17 per cent of ransomware attacks. Government organisations follow in third place, at 13 per cent of attacks."

Ransom demands from threat actors are also increasing exponentially, the researchers noted. In some cases, attackers asked victims to pay more than $40 million for decryption keys. That is an immense increase in ransom demand, from an average of $1,200 per attack a few years ago.

Sodinokibi attacks accounted for one in three ransomware incidents that IBM has responded to so far in 2020. The researchers estimate that hackers using the Sodinokibi ransomware have received at least $81 million in payouts this year alone.

The warning from IBM Security Intelligence come as big-name watchmaker Swatch confirmed this week that it had fallen victim to a ransomware attack.

The Swiss company said it shut down some of its IT systems after detecting a cyber attack over the weekend.

"Swatch Group confirms that it has identified clear signs of a developing cyber-attack on some of its IT systems during the weekend," the firm said in a statement.

Turning off technical systems affected some of its operations, it acknowledged, saying that it expects the situation to return to normal "as soon as possible".