Coveware recently issued its 2021 Q3 Ransomware blog article, which notes that ransomware attackers are “moving away from big game hunting” and are moving to the middle market. According to the post, “Middle market companies that are not systemically important may not offer up the largest ransoms, but are more cost effective to attack and may still provide a sizable payment if the company is caught without the proper defenses and backup assets.”

Coveware found that professional services companies saw the most ransomware events in Q3 2021, followed by the public sector, and then health care. The top three ransomware variants were Conti v.2, Mespinoza, and Lockbit 2.0. The most used attack vectors continue to be remote desktop protocol compromise, email phishing, and software vulnerability. The most used tactics, techniques and procedures used by the cybercriminals during the attack include: 1) Credential Access; 2) Lateral Movement; 3) Defense Evasion; 4) Persistence; and 5) Discovery.

Although the average ransom payment in Q3 was similar to that of Q2, Coveware reported that 83.3 percent of all attacks included the exfiltration of data.

The statistics from Coveware’s research continue to be consistent with our experience, and underscore the importance of preparing for a ransomware attack, testing your incident response plan through a tabletop exercise, and completing your ransomware playbook.