FBI Special Agent Joel DeCapua presented at this year’s RSA security conference. His session described how he used bitcoin wallets and ransom notes to calculate ransomware payments over the last six years.
According to DeCapua, ransomware victims paid approximately $144,350,000 in bitcoin to ransomware actors between October 2013 and November 2019. This doesn’t include operational losses or costs associated with recovery; the $144,350,000 covers the ransom payments alone. The actual costs are much higher.
Most Profitable Ransomware Variants
Ryuk leads all ransomware variants. It generated $61 million between February 2018 and October 2019.
Crysis/Dharma came in second with $24 million between November 2016 and November 2019.
In third, Bitpaymer generated $8 million between October 2017 and September 2019.
Finally, SamSam brought in $6.9 million between January 2016 and November 2018.
DeCapua stated that most of the money (about $64 million) was cashed out via virtual currency exchanges. Another $37 million still sits untouched in bitcoin wallets.
According to Agent DeCapua, Remote Desktop Protocol (RDP) provided the initial means of entry in 70-80% of incidents. Mostly, ransomware actors accomplished this via brute-force attacks on RDP: automated tools repeatedly try password variations until one works. Where RDP was not the entry point, entry was gained via phishing instead.
“It’s brute force because there are really, really bad passwords or there are just complex passwords that are re-used all over the place and they end up on some password cracking list,” said DeCapua.
DeCapua recommended not using human-readable passwords. “If you can tell your password to someone else in under 30 seconds, it’s probably not a secure password.” Additionally, better security requires closer monitoring of networks. You can track Finally, he recommends that companies have a plan for handling a successful ransomware attack. Have an offline backup in addition to the local or cloud backups.
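The RDP brute-force pattern DeCapua describes leaves a recognisable trail in the Windows Security log: a burst of failed logons (event 4625, logon type 10 for RDP) from one source, sometimes followed by a success (event 4624). The script below is an added example of the kind of monitoring he recommends; it is not code from the talk or this article, and it assumes events have already been exported into a simplified dict shape (constructed sample data, not real logs).

```python
"""Flag RDP brute-force patterns in Windows Security events (IDs 4625/4624)."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs). Logon type 10 = RemoteInteractive (RDP).
# Six failures from one source within ten seconds, then a successful RDP logon.
SAMPLE_EVENTS = [
    {"time": f"2019-11-01T02:00:{s:02d}", "id": 4625, "logon_type": 10,
     "src": "203.0.113.7", "user": u}
    for s, u in zip(range(1, 12, 2),
                    ["admin", "administrator", "backup", "admin", "sql", "test"])
] + [
    # network logon failure from the same host: not RDP, so ignored
    {"time": "2019-11-01T02:00:02", "id": 4625, "logon_type": 3,
     "src": "203.0.113.7", "user": "admin"},
    # success from the brute-forcing source after the burst
    {"time": "2019-11-01T02:00:20", "id": 4624, "logon_type": 10,
     "src": "203.0.113.7", "user": "admin"},
    # a single failure from an unrelated source: below threshold
    {"time": "2019-11-01T02:01:00", "id": 4625, "logon_type": 10,
     "src": "198.51.100.9", "user": "jdoe"},
]


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Return (src, alert_kind, failure_count) tuples for sources that reach
    `threshold` failed RDP logons inside `window`, and for any RDP success
    that follows such a burst from the same source."""
    recent = defaultdict(deque)  # src -> timestamps of recent RDP failures
    flagged = set()
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["logon_type"] != 10:
            continue  # only RDP (RemoteInteractive) logons matter here
        t = datetime.fromisoformat(ev["time"])
        q = recent[ev["src"]]
        while q and t - q[0] > window:  # drop failures outside the window
            q.popleft()
        if ev["id"] == 4625:
            q.append(t)
            if len(q) >= threshold and ev["src"] not in flagged:
                flagged.add(ev["src"])
                alerts.append((ev["src"], "rdp_bruteforce", len(q)))
        elif ev["id"] == 4624 and len(q) >= threshold:
            alerts.append((ev["src"], "success_after_bruteforce", len(q)))
            q.clear()  # report the compromise once, then reset the window
    return alerts


if __name__ == "__main__":
    for src, kind, count in detect_rdp_bruteforce(SAMPLE_EVENTS):
        print(f"{kind}: {src} ({count} failed RDP logons)")
```

The "success after burst" alert is the one worth paging on: it is the moment the brute force actually worked and the actor has an interactive session.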
The FBI advises against paying ransom demands in these cases. Paying doesn’t guarantee you’ll get the data back. It also encourages more activity by these criminals. Unfortunately, you may not have a choice if you don’t have a plan. If that’s the case, we can help with that. Just request a free consultation below to get started!