
Hacking Victims Paid $1.1bn In Ransoms Last Year


New research has revealed the scale of extortion being carried out by cyber criminals against ransomware victims in 2023.

New York-based blockchain analysis firm Chainalysis, in its ‘2024 Crypto Crime Report’, found that ransomware payments exceeded $1bn in 2023, a record high.

It comes after a similar report from Chainalysis in February 2022 found that roughly 74 percent of all ransomware payments in 2021 had been sent to Russian-linked cyber-criminals.

2022 vs 2023

The latest Chainalysis report found that while 2022 saw a decline in ransomware payment volume, the overall trend line from 2019 to 2023 indicates that ransomware is an escalating problem.

In 2022 the report suggested that several factors had likely contributed to the decrease in ransomware activities two years ago, such as geopolitical events like Russia’s illegal invasion of Ukraine.

The war in Ukraine not only disrupted the operations of some cyber actors, the report stated, but also shifted their focus from financial gain to politically motivated cyberattacks aimed at espionage and destruction.

Last December the UK’s National Cyber Security Centre (NCSC) had warned that Russian intelligence services, namely Centre 18 of Russia’s Federal Security Service (FSB), were carrying out a “sustained” attack on UK politics and the democratic process in this country.

And the Chainalysis report noted that 2023 marks a major comeback for ransomware, with record-breaking payments and a substantial increase in the scope and complexity of attacks.

Watershed year

The Chainalysis report found that in 2023, ransomware actors intensified their operations, targeting high-profile institutions and critical infrastructure, including hospitals, schools, and government agencies.

Indeed, major ransomware supply chain attacks were carried out exploiting the ubiquitous file transfer software MOVEit, impacting companies ranging from the BBC to British Airways.

As a result of these attacks and others, ransomware gangs reached an unprecedented milestone, surpassing $1 billion in extorted cryptocurrency payments from victims, the report found.

Chainalysis called 2023 a watershed year for ransomware.

Conservative…


Conti-linked ransomware takes in $107 million in ransoms: Report


Black Basta, a ransomware campaign thought to be the brainchild of people linked to the infamous Conti malware gang, has been paid more than $100 million in the past year and a half, infecting 329 known victims.

According to a report published this week by blockchain analytics firm Elliptic, the Black Basta ransomware has attacked targets in a pattern similar to that of the Conti gang, both in terms of regionality and industry. Nearly two-thirds of Black Basta’s attacks have been against US companies, and, like Conti, manufacturing, engineering and construction and wholesale/retail businesses have been the most common targets. Other industries were also targeted, however, including law firms, real estate offices, and more besides.

Elliptic, in concert with Corvus Insurance, researched the blockchain connections between cryptowallets used to accept Bitcoin ransom payments, and discovered distinctive patterns. This, the report said, allowed the researchers to identify more than 90 ransom payments to Black Basta, which averaged $1.2 million each. They identified a total of $107 million in payments to the group.

The report noted that this figure is likely to be a “lower bound,” however, given the likelihood of payments that they were unable to identify. The two highest-profile victims are Capita, a tech outsourcing firm with huge UK government contracts, and industrial automation company ABB.

The report notes that neither company has disclosed any ransom payments. Capita did not immediately reply to requests for comment; ABB acknowledged in a statement that it experienced a “security incident,” but did not specify whether the incident involved ransomware.

“In May 2023, ABB became aware of an IT security incident impacting certain company IT systems. As a result of the incident, ABB started an investigation, notified certain law enforcement and data protection authorities, and worked with leading experts to determine the nature and scope of the incident,” according to an ABB statement sent by its media relations head. “ABB also took steps to contain the incident and further enhance the security of its systems. Based on its investigation, ABB…


Can CRI members really avoid paying ransomware ransoms?


  • The International Counter Ransomware Initiative met this week and outlined how its members would combat the growing threat of cybercrime.
  • Among the commitments was a recommendation for CRI members not to pay ransoms.
  • This will be accomplished through training and knowledge sharing among the CRI members.

Ransomware can entirely upend a business and, without proper disaster recovery, a business could be forced to cough up and pay the ransom attackers demand.

This week, 50 members of the International Counter Ransomware Initiative (CRI) met in Washington, D.C., for the third convening of the initiative. South Africa is a member of this group. During this meeting the group outlined the development of capabilities to disrupt attackers and the infrastructure they use to conduct said attacks.

There are some great suggestions here, such as mentoring and training new CRI members, using artificial intelligence to counter ransomware and even sharing information about attacks between CRI members.

In addition, there was mention of adopting a policy where governments who are members of the CRI declare that they won’t pay ransoms.

“Through the Policy Pillar, CRI members affirmed the importance of strong and aligned messaging discouraging paying ransomware demands and leading by example. CRI members endorsed a statement that relevant institutions under our national government authority should not pay ransomware extortion demands. CRI members intend to implement the Financial Action Task Force (FATF)’s Recommendation 15 on the regulation of virtual assets and related service providers, which would help stem the illicit flow of funds and disrupt the ransomware payment ecosystem,” reads a briefing published by The White House.

This sounds great but the fact of the matter is that many companies still pay ransoms. In its The State of Ransomware 2023 report, Sophos found that 46 percent of the 3 000 IT and cybersecurity leaders surveyed reported that ransomware ransoms were being paid.

While not paying a ransom is regarded as best practice in the cybersecurity space, as we mentioned, if there aren’t proper backups of data, disaster response and…


Repeat ransomware attacks hit 80% of victims who paid ransoms


Organizations that pay up after a ransomware attack incur a high probability of a second attack.

New research from endpoint security vendor Cybereason examined the short and long-term impacts ransomware has on businesses through a survey of 1,263 infosec professionals from the U.S., United Kingdom, Spain, Germany, France, United Arab Emirates and Singapore. One of the most significant findings of the survey was that 80% of organizations that paid ransom demands experienced a second attack.

To make matters worse, of those who did get attacked again, nearly half said they believed it was at the hands of the same attackers, while just 34% said they believed the second attack was perpetrated by a different set of threat actors.

Additionally, paying does not guarantee operations will go back to normal, according to the Cybereason report. Of those surveyed, 46% regained access to their data following payment, but some or all of the data was corrupted. And 25% of respondents said a ransomware attack led to their organization closing down.

Cybereason’s report presents troubling data around the growing threat of repeat attacks. Though 80% is higher than Cybereason co-founder and CTO Yonatan Striem-Amit expected, he said it was not that surprising. The reason for the remarkably high percentage is that when businesses make the choice to pay the ransom, they may be solving an immediate problem, Striem-Amit said. But they are also announcing their willingness to pay potentially large sums of money to resolve a crisis.

Striem-Amit said cybercriminals have gotten better at identifying would-be targets, and the larger ransomware groups are specializing in big game hunting — going after major multinational corporations with targeted intrusion techniques. The problem has become so bad that the White House recently issued a ransomware directive just for businesses.

“When victims are paying, they’re putting a sign to attackers: we’re open for business,” he said. “The criminals then attack these victims again before they have a chance to ramp up their security practices.”

Repeat attack causes

Cybereason isn’t the only vendor to observe the trend of organizations being attacked multiple…
