Tag Archive for: payments

Ransomware Payments Hit $1bn All-Time High Last Year

/in


Ransomware actors collected over $1bn in extortion money from their victims in 2023 – a record high – according to Chainalysis.

The blockchain analysis company warned that even this is likely to be a conservative estimate of the financial impact of ransomware last year, as new cryptocurrency addresses are likely to be discovered over time. It said the figure for 2022 has already been revised up 24% to $567m, for example.

The figure also does not capture other costs associated with ransomware breaches, such as operational disruption, lost custom and expenses related to third-party incident response and forensics.

Two new regulatory filings from victims Clorox and Johnson Controls late last week revealed an initial combined cost of $76m related to two serious breaches at the companies last year.

Ransomware payments have been on the rise since 2019 when Chainalysis began recording the market, aside from a dip in 2022.

However, 2023 saw a “major escalation in the frequency, scope and volume of attacks,” driven by a surge in the number of groups carrying out attacks. These groups were “attracted by the potential for high profits and lower barriers to entry,” the report revealed.

It claimed big-game hunting from groups like Clop has become the “dominant strategy” over recent years, with more and more payments of $1m or more showing up. Ransomware-as-a-service (RaaS) also continues to have an outsized impact in drawing in more affiliates – many of which target smaller victims with lower ransoms.

As has been the case for several years, the ready availability of hacking tools and initial access broker (IAB) services made their job even easier last year. In the case of big-game hunters, exploitation of zero-day vulnerabilities became more popular, such as in the infamous MOVEit campaign, the report continued.

The past year saw an increase in the use of bridges, instant exchangers and gambling services – alongside centralized exchanges and mixers – as a preferred method of laundering funds.

“We assess that this is a result of takedowns disrupting preferred laundering methods for ransomware, some services’ implementation of more robust AML/KYC policies,…

Source…

Ransomware Payments Down By 40% in 2022 | Is Ransomware Still on the Rise? | by Dominic Alegrete | Nov, 2023

/in


Ransomware groups extorted $456.8 million from organizations in 2022, less than the last two years.

2022 saw a lot of attacks such as phishing, DDoS, and ransomware, specifically ransomware groups extorting $456.8 million from companies. This marked a drop in money extorted by 40% from the previous two years that saw record-breaking highs with it being $765 million.

The decline in ransomware profits isn’t from fewer attacks but is stimulated by victims deciding not to pay the hackers. Ransomware in general was very active in 2022, with thousands of file-encrypting malware strains targeting organizations of all sizes and sectors.

Due to payments decreasing this also resulted in the average lifespan of a ransomware strain dropping from 153 days in 2021 to just 70 in 2022. Despite multiple extortion tactics such as leaking data and file encryption of DDoS attacks, victims are still refusing to pay the ransom and meet the attacker’s demands.

Coveware a cyber threat intelligence firm has identified the trend since 2019 and stated that the victim paying rates are constantly going down. In 2019 76% of victims decided to pay the ransom while 26% decided to not pay and deal with the consequences. Since then each year the percentage of victims paying has gone down and the victims that did not pay has gone up by 19=20%.

Ransomware attacks can have severe consequences on organizations ranging from files stolen, loss of revenue, and a tarnished reputation due to the severity of the attack. Many popular groups like LockBit, Hive, Cuba, Royal, Ragar, and BlackCat emerged through 2022 as the new ransomware-as-a-service groups. All the main groups I mentioned above make up 75% of all ransomware strains distributed to victims.

This past year has taken a turn for the better, 2022 was the first year that more ransomware victims did not pay. The approach changing stems from victims realizing that paying the ransom does not guarantee their files will be given back or not deleted. Another reason is that the perception of ransomware attacks has matured, and companies know what kind of news it brings if they were to pay to cause their reputation to be tarnished. Lastly, organizations may be implementing…

Source…

UK among countries to sign ransomware payments agreement

/in


The UK is among more than 40 countries to have signed a pledge agreeing that central government funds should not be used to pay ransomware demands to cyber criminals.

A joint statement from the Counter Ransomware Initiative (CRI) said the countries “would lead by example” by not paying ransomware demands and “strongly discourage anyone” from doing so.

The UK’s National Cyber Security Centre (NCSC) has always advised businesses and individuals to never pay ransomware demands, and it has been long-standing Government policy to not do so.

The agreement has also been signed by countries including the US, Australia, Canada, France, Germany, Japan and South Korea, as well as Interpol.

Security minister Tom TugendhatSecurity minister Tom Tugendhat

Security minister Tom Tugendhat hailed the pledge ‘an important step forward’ (PA)

Security minister Tom Tugendhat said the agreement would help set a new “global norm”.

“Crime shouldn’t pay. That’s why the UK and her allies are demonstrating leadership on cybersecurity by pledging not to pay off criminals when they try and extort the taxpayer using ransomware,” he said.

“This pledge is an important step forward in our efforts to disrupt highly organised and sophisticated cyber criminals, and sets a new global norm that will help disrupt their business models and deter them from targeting our country.”

Ransomware is a type of malicious software used by cyber criminals which often encrypts or steals data once it has gained access to a computer system.

The victim is then told to pay a large fee – often in cryptocurrency, which is harder to trace – in order to get their files back.

However, cybersecurity experts, including those at the NCSC, argue that paying a fee only benefits the criminals as it provides an incentive to continue offending and it does not guarantee the release of the affected data – a stance the CRI has now publicly backed in the agreement.

NCSC chief operating officer Felicity Oswald said: “Ransomware poses a significant threat to organisations in the UK and around the world and so international collaboration is essential for bearing down on cyber-criminal operations.

“The joint statement today demonstrates that the UK and a like-minded community of countries…

Source…

US, others commit against ransomware payments

/in


TechCrunch reports that the U.S. and dozens of other countries have jointly agreed not to pay ransoms demanded by ransomware operations and financially motivated threat actors during the third International Counter Ransomware Initiative meeting.

While not all of the CRI’s 48 member governments have committed to going against ransomware payments, such a pledge represents a significant step in curbing the illicit financial backbone of the ransomware ecosystem, according to Deputy National Security Advisor Anne Neuberger.

“This was a really big lift, and we’re in the final throes of getting every last member to sign. But we’re pretty much there, which is exciting,” Neuberger said.

Other anti-ransomware efforts have been introduced at the meeting, including a shared denylist containing details of ransomware groups’ digital wallets, and novel information-sharing platforms, as well as artificial intelligence utilization for examining ransomware payments across cryptocurrency platforms.

“If one country is attacked, others can quickly defend against that attack,” added Neuberger.

Source…