Ransomware Creators Have Raked in $140 Million in the Last 6 Years, FBI Says

Fraudsters and extortionists have always been around. Unfortunately, the crooks of today are not the same snake-oil salesmen of ages past. Thanks to the Internet, the malicious actors of today have a lot more reach and powerful tools at their disposal.

Ransomware is doubtlessly one of the most pernicious and effective means for cybercriminals to extort money from potential victims. FBI analysis of collected ransomware bitcoin wallets and ransom notes indicates that ransomware artists have lined their pockets with $140 million over the past six years. That's a staggering number, but it's probably incorrect.

FBI Special Agent Joel DeCapua announced this number as an estimate of the total amount stolen between early 2013 and late 2019, but it is based on FBI information about used bitcoin wallets and ransom notes that were shared by private partners or found on VirusTotal. This statistic fails to take into account the fact that many companies tend not to report that they have fallen prey to such attacks when they do, or that they downplay the severity of the situation so as not to upset their investors. Having been subject to such an attack hardly inspires confidence in the public, and as a result, many companies prefer to try and deal with the issue behind closed doors, rather than risk their stocks plummeting in value.

These numbers paint a harrowing picture. Unfortunately, they are just a hint of what damage ransomware actually wreaks on companies, communities, and private individuals alike. $140 million is just an estimate of what a number of hackers got for their efforts after transaction taxes were paid. This number is not representative of the actual damage done to businesses or institutions that are unfortunate enough to suffer such an attack. Research indicates that each successful attack on smaller companies causes an average of $713,000 of damage to the company when you factor in the expense of downtime and the revenue lost due to reputational harm.

And it's not just businesses that are at risk. In fact, research indicates that government agencies are hit hardest by ransomware artists, with some 966 government agencies suffering ransomware attacks. This includes reported attacks on 113 state and municipal governments and agencies, up to 1,233 schools and universities, and 764 healthcare providers.

Emsisoft estimates that the damages done by these monstrous attacks in 2019 alone could have exceeded $7.5 billion. Again - the amount extorted by the malware artist is in no way representative of the damages inflicted. A perfect example of this is what happened to the city of Atlanta back in early 2018. A ransomware attack using the SamSam ransomware demanded roughly $50,000 worth of bitcoin. The city didn't even have the opportunity to pay and ended up incurring $2.2 MILLION in damages.

This is why it is vital that companies, institutions, and private citizens alike all take these malware protection practices to heart.

Back Things up Regularly

Make sure to have a foolproof and working backup routine. This includes offline backups that are not accessible via the cloud.

By now, it's common practice for ransomware actors to target all of the victim's backups, including shadow volume copies on individual machines and cloud-based backup services, before encrypting a network or an individual PC.

This is why it is important to perform regular offline backups that cannot be accessed and destroyed by hackers.

Be Wary of Phishing Attacks

Unfortunately, phishing is getting more sophisticated by the day. This is especially true since some hacker outfits have gotten the hang of taking over compromised workers' accounts and using them to phish other employees and clients.

Phishing attacks, followed by remote code execution vulnerabilities, also account for a sizable chunk of network breaches, which means that users need to always be wary of those.

Regularly Install Software and Operating System Updates

Updates to the operating system and software are more often than not patches for vulnerabilities that malicious actors could well use to deadly effect. This is why it is important to install them as quickly as possible after they are released.

Use Complex Passwords

This can't be stressed hard enough and often enough - people need to get used to using unique and complex passwords to access important systems, such as banking, orders, anything that requires the input of personal information - even their social media accounts.

Use NLA When Using RDP

Windows' Remote Desktop Protocol is by far the most common method that ransomware attackers are using to gain access to a network before deploying ransomware, accounting for 70-80% of ransomware attacks.

This vector of attack is easily negated if you use Network Level Authentication (NLA). Doing so requires clients to authenticate themselves with the network before being able to connect to the remote desktop server. Naturally, an RDP account is only as safe as the password used to protect it - which is why using unique and complex passwords for RDP accounts is an absolute necessity.
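
As an added example (not part of the original article), the following PowerShell audits whether the local RDP listener requires NLA and can switch it on. The function names are hypothetical; the registry paths and value names are the standard Windows locations for these settings.

```powershell
# Added example: audit and optionally require NLA on the local RDP listener.
# Function names are hypothetical; the registry values are standard Windows settings.
$TsKey     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$RdpTcpKey = "$TsKey\WinStations\RDP-Tcp"
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

function Get-RdpNlaStatus {
    $ts       = Get-ItemProperty -Path $TsKey
    $listener = Get-ItemProperty -Path $RdpTcpKey
    # The policy key only exists when Group Policy configures Remote Desktop.
    $policy   = Get-ItemProperty -Path $PolicyKey -ErrorAction SilentlyContinue

    # A Group Policy value, when present, overrides the local listener setting.
    $fromPolicy = ($null -ne $policy) -and ($null -ne $policy.UserAuthentication)
    $nlaValue   = if ($fromPolicy) { $policy.UserAuthentication }
                  else             { $listener.UserAuthentication }

    [pscustomobject]@{
        RdpEnabled  = ($ts.fDenyTSConnections -eq 0)  # 0 = RDP connections allowed
        NlaRequired = ($nlaValue -eq 1)               # 1 = client must pass NLA first
        SetByPolicy = $fromPolicy
        Port        = $listener.PortNumber
    }
}

function Enable-RdpNla {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    # Writing under HKLM needs an elevated session; -WhatIf previews the change.
    if ($PSCmdlet.ShouldProcess($RdpTcpKey, 'Set UserAuthentication = 1')) {
        Set-ItemProperty -Path $RdpTcpKey -Name UserAuthentication -Value 1 -Type DWord
    }
}

$status = Get-RdpNlaStatus
$status | Format-List
if ($status.RdpEnabled -and -not $status.NlaRequired) {
    Write-Warning 'RDP is enabled without NLA; run Enable-RdpNla from an elevated session.'
}
```

If `SetByPolicy` is true, the local change made by `Enable-RdpNla` will not take effect; the setting has to be corrected in Group Policy instead.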

Invest in Malware Protection

Even if you do all of the above, this doesn't make you immune to cyber-attacks. However, there are products that can ensure a greater degree of security, as well as improve your browsing experience and peace of mind - anti-malware solutions, password managers, and backup tools can give you a distinct advantage when it comes to online security.

March 26, 2020
