Bitcoin currently accounts for the majority of crypto-denominated ransomware payments, according to Coveware's Q1 2019 Global Ransomware Marketplace report, released on April 15.
The report, based on aggregated data from ransomware cases handled by Coveware's Incident Response Team, shows that in Q1 2019 the ransomware landscape saw a drastic increase in the average ransom demanded by threat actors.
The average sum demanded in exchange for the assumed delivery of the decrypter tool, which can help victims recover data after a ransomware attack, increased 89% from $6,733 in Q4 2018 to $12,762 in Q1 2019, the report states.
Of all the ransoms paid in cryptocurrency, 98% were paid in Bitcoin. The report states that in Q1 2019:
“[H]andling cryptocurrency continued to be a major source of friction for victims, and thus the threat actors as well. It is unlikely that ransomware rotates towards a different cryptocurrency anytime soon as they are even more nuanced to procure and handle.”
The sudden increase in the amount of crypto demanded is due to the rising frequency of more expensive strains of ransomware. Ransomware typically encrypts victims' files and asks for a payment in cryptocurrency to unlock them. As per the report, Ryuk, BitPaymer, and iEncrypt have had the most impact this year.
Ryuk also targets larger organizations than other variants and demands higher ransoms, the report says. For instance, Dharma demands an average ransom of $9,742, whereas Ryuk demands an average ransom of $286,556.
Coveware mentions that threat actors have little need to migrate away from bitcoin to another coin because they found issues while mixing services to exchange bitcoin for privacy-focused cryptocurrencies like Dash (DASH) and Monero (XMR).
According to Coveware's data, privacy coins were used in 2% of ransomware payments and are mostly used later in the process, once the payment has been received and threat actors are trying to obscure the transfer of their ill-gotten funds.
GandCrab, a ransomware strain that accounts for 20% of the market according to Coveware's data, is the only frequent strain for which the threat actors accept payment in either Dash or bitcoin. The report also says that victims who pay using bitcoin have to pay a 10% extra fee because of the costs added by the mixing services that threat actors use to hide the crypto after payment.