Ransomware ransom payments surge–Coveware survey

Exploiting vulnerabilities in software and Remote Desktop Protocol (RDP) services is a common means for cybercriminals to break into networks. Meanwhile, the average ransom paid by victims of ransomware attacks is increasing. According to the Quarterly Ransomware Report from cybersecurity company Coveware, the average ransom payment in the first quarter of 2021 was $220,298, up 43% from $154,108 (about 17 million yen) in the fourth quarter of 2020.

Part of the significant increase in ransom payments is due to some of the most notorious ransomware groups intensifying their activities. These groups demand large sums from victims in Bitcoin in exchange for decryption keys. One such group is “CloP”. According to Coveware, CloP was “extremely active” in the first quarter, targeting large victims and demanding very high ransoms. CloP ranked fourth among the most common ransomware variants in the first quarter, with a 7.1% share. It wasn’t in the top 10 in the fourth quarter of 2020.

The most common type of ransomware in the first quarter was “Sodinokibi”, which accounted for 14.2%, followed by “Conti V2” (10.2%), “Lockbit” (7.5%), “CloP” (7.1%), and “Egregor” (5.3%). “Avaddon”, “Ryuk”, “Darkside”, “Suncrypt”, “Netwalker”, and “Phobos” also ranked high.

One of the tricks that has led to higher success rates for ransomware attacks is to expose data that the cybercriminals have stolen from the network. The aim is to push victims into paying the ransom for fear that sensitive information will be disclosed online. According to Coveware’s analysis, 77% of ransomware attacks in the first quarter included a threat to leak stolen data. That is an increase of 10% since the fourth quarter of 2020.

The most common ransomware attack vector in the first quarter was compromised RDP, at around 50%. It is believed that attackers are using methods such as stolen credentials, guessing default and commonly used passwords, and exploiting unpatched vulnerabilities. Email phishing continues to be a popular attack vector. The rate at which software vulnerabilities are exploited has also increased.

As a result, the effects of incidents continued after the ransomware attack, with business interruption causing an average downtime of 23 days in the first quarter.

A useful way for an organization to recover from a ransomware attack is to update network backups on a regular basis or store them offline. In the worst case, this makes it possible to restore the network without giving in to ransomware demands. However, the best way to avoid damage from a ransomware attack is to prevent the attack in the first place. Cybersecurity measures such as avoiding the use of default usernames and passwords and protecting accounts with multi-factor authentication may help. Enterprises should also ensure that software across their networks is patched with the latest security updates, to prevent cybercriminals from exploiting known vulnerabilities to launch ransomware attacks.