
Ransomware victims are paying out millions a month. One particular version has cost them the most.

Ransomware | BCyber | March 5, 2020


Ransomware victims have paid out more than $140 million to crooks over the last six-and-a-half years, according to calculations by the FBI.

Joel DeCapua, an FBI special agent in the global operations and targeting unit, told the RSA Conference 2020 that ransoms worth $144.35 million were paid between January 2013 and July 2019. The FBI only looked at ransoms paid in bitcoin, so the actual figure is likely even higher, although bitcoin is the cryptocurrency of choice for cyber-extortionists.

Ryuk was the leading ransomware variant, generating roughly $61m between February 2018 and October 2019. Crysis/Dharma was the second most lucrative ransomware, generating $24m between November 2016 and November 2019. Third on the list, Bitpaymer, generated $8m between October 2017 and September 2019, while SamSam managed $6.9m between January 2016 and the end of November 2018.

DeCapua said that a huge chunk of those ransoms — around $64m — then passed through virtual currency exchanges as crooks looked to cash out, although $37m remains in wallets as unspent bitcoin.

In terms of how ransomware attacks begin, DeCapua said that Remote Desktop Protocol (RDP) provides the initial foothold in 70% to 80% of incidents.

Mostly this is done by brute-force attacks on RDP – that is, the use of automated tools to try password variations until one works.

“It’s brute force because there are really, really bad passwords or there are just complex passwords that are re-used all over the place and they end up on some password cracking list,” said DeCapua. If cracking RDP is not the source of the ransomware infection, then it will be phishing, he said.

Not using human-readable passwords, he said, is one step towards halting ransomware; closer monitoring of networks is another. “If you can tell your password to someone else in under 30 seconds, it’s probably not a secure password,” he said. Monitoring matters because, while it may be hard to stop hackers getting onto the network, it is much easier to spot their tracks as they move about inside the network — which is when you can catch them.
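The brute-force pattern DeCapua describes leaves a distinctive trail in the Windows Security log: a burst of failed RDP logons (event 4625, logon type 10) from one source, often across several account names, followed by a success (event 4624) once a weak or reused password hits. The following detector is an added example, not code from the article or from the FBI; the event records it runs over are constructed inline, the threshold and window are illustrative choices, and the field names (`time`, `id`, `logon_type`, `user`, `src`) are a simplified stand-in for the real event schema a SIEM would expose.

```python
"""Flag RDP brute-force bursts, and the first success that follows them, in Windows Security events."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

RDP_LOGON_TYPE = 10          # LogonType 10 = RemoteInteractive, i.e. an RDP session
EVENT_LOGON_FAILED = 4625    # Security event: an account failed to log on
EVENT_LOGON_SUCCESS = 4624   # Security event: an account was successfully logged on


def _constructed_events():
    """Build a small, constructed batch of Security-log records (not real telemetry)."""
    base = datetime(2020, 3, 5, 2, 10, 0)
    events = []
    # One source hammers RDP: 25 failures in about two minutes against a short account
    # list, then a success as 'jsmith' once a weak password is found.
    users = ["administrator", "admin", "jsmith", "backup"]
    for i in range(25):
        events.append({"time": base + timedelta(seconds=5 * i), "id": EVENT_LOGON_FAILED,
                       "logon_type": RDP_LOGON_TYPE, "user": users[i % len(users)],
                       "src": "198.51.100.23"})
    events.append({"time": base + timedelta(seconds=130), "id": EVENT_LOGON_SUCCESS,
                   "logon_type": RDP_LOGON_TYPE, "user": "jsmith", "src": "198.51.100.23"})
    # A second source with three typos, then a normal logon: stays below threshold.
    for i in range(3):
        events.append({"time": base + timedelta(minutes=1, seconds=20 * i), "id": EVENT_LOGON_FAILED,
                       "logon_type": RDP_LOGON_TYPE, "user": "rlee", "src": "203.0.113.9"})
    events.append({"time": base + timedelta(minutes=3), "id": EVENT_LOGON_SUCCESS,
                   "logon_type": RDP_LOGON_TYPE, "user": "rlee", "src": "203.0.113.9"})
    # A console logon failure (type 2) that the RDP detector must ignore.
    events.append({"time": base + timedelta(minutes=4), "id": EVENT_LOGON_FAILED,
                   "logon_type": 2, "user": "admin", "src": "192.0.2.10"})
    return events


SAMPLE_EVENTS = _constructed_events()


def detect_rdp_bruteforce(events, threshold=20, window=timedelta(minutes=5)):
    """Return {src_ip: alert} for sources with >= threshold RDP failures in a sliding window.

    Each alert records the failure count, how many distinct accounts were targeted
    (a password-spray indicator), and the first successful RDP logon from that source
    after the threshold was crossed: the 'they are now inside' signal that should be
    escalated to the lateral-movement monitoring the article recommends.
    """
    recent = defaultdict(deque)   # src -> timestamps of failures still inside the window
    targeted = defaultdict(set)   # src -> account names seen in failures
    alerts = {}
    for e in sorted(events, key=lambda x: x["time"]):
        if e["logon_type"] != RDP_LOGON_TYPE:
            continue
        src, t = e["src"], e["time"]
        if e["id"] == EVENT_LOGON_FAILED:
            q = recent[src]
            q.append(t)
            targeted[src].add(e["user"])
            while q and t - q[0] > window:   # slide the window forward
                q.popleft()
            if len(q) >= threshold:
                alert = alerts.setdefault(src, {"src": src, "first_seen": q[0], "last_seen": t,
                                                "failures": 0, "distinct_users": 0,
                                                "success_after": None})
                alert["failures"] = max(alert["failures"], len(q))
                alert["last_seen"] = t
                alert["distinct_users"] = len(targeted[src])
        elif e["id"] == EVENT_LOGON_SUCCESS and src in alerts and alerts[src]["success_after"] is None:
            alerts[src]["success_after"] = {"time": t, "user": e["user"]}
    return alerts


if __name__ == "__main__":
    for src, a in detect_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(f"{src}: {a['failures']} RDP failures against {a['distinct_users']} accounts "
              f"between {a['first_seen']:%H:%M:%S} and {a['last_seen']:%H:%M:%S}; "
              f"success after: {a['success_after']}")
```

The success-after-burst field is the one to route to a responder: a source that crosses the failure threshold and then logs on is the moment the article says is easiest to catch, before the intruder starts moving laterally. In production the threshold and window should be tuned per environment, and the same logic applies unchanged to events forwarded from a SIEM rather than a constructed list.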

He also said companies should have a plan for what to do if they are hit with ransomware, and an offline backup.

This content was originally published here.

Written by: BCyber
